Module 6 Flashcards
AWS Identity and Access Management (IAM)
enables you to manage access to AWS services and resources securely. IAM gives you the flexibility to configure access based on your company’s specific operational and security needs.
Root User
accessed by signing in with the email address and password that you used to create your AWS account. You can think of the root user as being similar to the owner of the coffee shop. It has complete access to all the AWS services and resources in the account.
IAM User
identity that you create in AWS. It represents the person or application that interacts with AWS services and resources. It consists of a name and credentials.
IAM policy
a document that allows or denies permissions to AWS services and resources. IAM policies enable you to customize users’ levels of access to resources. For example, you can allow users to access all of the Amazon S3 buckets within your AWS account, or only a specific bucket.
AWS Organizations
to consolidate and manage multiple AWS accounts within a central location.
When you create an organization, AWS Organizations automatically creates a root, which is the parent container for all the accounts in your organization.
service control policies (SCPs)
SCPs enable you to place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access.
AWS Artifact
a service that provides on-demand access to AWS security and compliance reports and select online agreements. AWS Artifact consists of two main sections: AWS Artifact Agreements and AWS Artifact Reports.
denial-of-service (DoS) attack
a deliberate attempt to make a website or application unavailable to users. For example, an attacker might flood a website or application with excessive network traffic until the targeted website or application becomes overloaded and is no longer able to respond. If the website or application becomes unavailable, this denies service to users who are trying to make legitimate requests.
distributed denial-of-service attack
The prankster and their friends repeatedly call the coffee shop with requests to place orders, even though they do not intend to pick them up. These requests are coming in from different phone numbers, and it’s impossible for the coffee shop to block them all. Additionally, the influx of calls has made it increasingly difficult for customers to be able to get their calls through.
AWS Shield Standard
automatically protects all AWS customers at no cost. It protects your AWS resources from the most common, frequently occurring types of DDoS attacks.
AWS Shield Advanced
a paid service that provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks.
AWS Key Management Service
enables you to perform encryption operations through the use of cryptographic keys.
cryptographic keys
A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data.
Amazon Inspector
Suppose that the developers at the coffee shop are developing and testing a new ordering application. They want to make sure that they are designing the application in accordance with security best practices. However, they have several other applications to develop, so they cannot spend much time conducting manual assessments.