Other Exam Tips

Question 1

Security Token Service

Answer 1

• Terms
  
  • Federation：Joining the list of users among Domains
  • Identity Broker: Services allows you to bring identity from one domain and federate it with another one.
  • Identity Store - Service like AD, Facebook, Google etc.
  • Identities - a user of service like Facebook etc.
• Case1:
  
  • Develop a Identity Broker communicate with LDAP and AWS.
  • Identity Broker authenticates with LDAP first THEN with AWS STS.
  • Application get temporary access to AWS resourses.
• Case2:
  
  • Develop a Identity Broker communicate with LDAP and AWS.
  • Identity Broker authenticates with LDAP get an IAM Role associate with a user.
  • Application authenticates with STS and assumes that IAM Role
  • Application uses that IAM Role access to AWS resourses

Question 2

Workspaces Quick Facts

Answer 2

• Win 7/Win10/Linux Experience
• Local Administrator Access to Install APPs
• Persistent and all data in D:\ is backed up every 12 hours
• You do not need an AWS account to login to workspaces, you can set up your own Idenity Federation e.g. AD

Question 3

Docker

Answer 3

• Software platform that is highly reliable, adaptive to any environment and infinitely scalable
• Packages software into a STD unit called Containers
• Components
  
  • Docker Image : ISO, AMI files to boot a Container
  • Docker Container:
  • Layers/Union File System : Update easily
  • DockerFile :
  • Docker Daemon / Engine
  • Docker Client : GUI
  • Docker Registries / Docker Hub
    *

Question 4

ECS

Answer 4

• AWS managed version of Docker service
• ECR is AWS Docker Registry service
• ECS Task Def. : select Docker images, CPU Memory , Containers to use
• ECS Scheduling : Server Scheduler and Client Scheduler
• ECS Container Agent :
  
  • only supported on EC2 Instances
  • Linux - based not Windows
• ECS Security :
  
  • Instance use IAM role to access ECS
  • ECS tasks use IAM role to access AWS resourses
  • SG only on Instance-level
  • OS configurable

Answer 5

*