Module 6 Flashcards
Explain the AWS shared responsibility model.
The shared responsibility model divides into customer responsibilities (commonly referred to as “security in the cloud”) and AWS responsibilities (commonly referred to as “security of the cloud”).
Customers are responsible for the security of everything that they create and put in the AWS Cloud. AWS is responsible for protecting the global infrastructure that runs all of the services offered in the AWS Cloud.
What is the name of the AWS service that provides user permissions and access?
AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely.
Explain the AWS account root user.
This is the account you have when you first create an AWS account. It has complete access to all the AWS services and resources in the account. This user can create the first IAM user with appropriate permissions and roles.
What does an IAM user in AWS consist of?
A name and credentials.
By default, what permissions does an IAM user have?
None. The root user must grant the IAM user the necessary permissions.
What is an IAM policy?
This is a document that allows or denies permissions to AWS services and resources. It allows you to customize users’ levels of access to resources.
What security principle does AWS recommend when granting permissions?
The principle of least privilege. This is to prevent users or roles from having more permissions than needed to perform tasks.
Describe an IAM group.
An IAM group is a collection of IAM users. When you assign an IAM policy to a group, all users in the group are granted permissions specified by the policy.
What IAM feature allows a user to gain temporary access to permissions?
IAM role
What is the purpose of AWS Organizations?
AWS Organizations is used to consolidate and manage multiple AWS accounts within a central location.
What is the purpose of service control policies in AWS Organizations?
SCPs enable you to place restrictions on the AWS services, resources and individual API actions that users and roles in each account can access.
Describe organizational units.
In AWS Organizations, you can group accounts into organizational units to make it easier to manage accounts with similar business or security requirements. You can also apply policies to an organizational unit.
Describe AWS Artifact Agreements.
In AWS Artifact Agreements, you can review, accept and manage agreements for accounts in AWS Organizations.
Describe AWS Artifact Reports.
In AWS Artifact Reports, you can access AWS compliance reports from third-party auditors. This is useful in that you can show your own auditors and regulators how AWS is compliant in different security aspects.
What is the purpose of the Customer Compliance Center?
This contains resources to help you learn more about AWS compliance.