Module 4 Flashcards
What is AWS's responsibility?
1) Software: compute, storage, database, networking
2) Hardware: regions, AZs, edge locations
-> this means physical security of data centers, instance isolation, intrusion detection
What is the customer's responsibility?
1) customer data
2) platform, apps, IAM
3) OS, network & firewall configuration: client-side data, encryption, data integrity & authentication, server-side encryption, networking traffic protection
-> this means patching & maintaining the OS, applying role-based access to apps, securing passwords, configuring security groups, installing firewalls, configuring networks, managing the account (logins, permissions)
What are the components of IAM?
- user
- group
- policy
- role
What are the 2 types of policies?
1) identity-based
2) resource-based
How can you secure a new AWS account? (8)
- IAM
- Multi-factor authentication
- CloudTrail
- Billing reports
- AWS Organizations
- KMS (create & manage encryption keys)
- Cognito
- AWS Shield
How can you control S3 data access? (5)
1) Amazon S3 Block Public Access
2) IAM policies
3) bucket policies
4) ACLs
5) AWS Trusted Advisor
How can you ensure compliance? (3)
1) AWS compliance programs (e.g., ISO)
2) AWS Config
3) AWS Artifact