Section 7: AWS CLI, SDK, IAM Roles & Policies Flashcards
What can you use to develop and perform AWS tasks from your local computer?
The CLI
The SDK
What can you use to develop and perform AWS tasks from an EC2 instance?
The CLI
The SDK
The Instance Metadata Service for EC2
How to configure the AWS CLI (default profile) on your local computer?
aws configure
How to configure the AWS CLI (a specific profile) on your local computer?
aws configure --profile profileName
What info do you have to provide when configuring the AWS CLI on your computer?
Access Key ID
Secret Access Key
Default Region Name
Default output format (leave to none by default)
Where are the config/credentials files stored on Windows?
In the User/.aws folder
How to configure the AWS CLI on an EC2 instance?
By assigning an AWS IAM role to the machine (or the ASG which will assign the role to the machine it creates)
Can you do "aws configure" on an EC2 machine?
YOU SHOULD NEVER DO THAT! Your PERSONAL credentials should belong on your PERSONAL computer
How to define what actions an IAM Role can perform?
By assigning policies to the IAM Role
How many roles can an EC2 instance have?
Only one
What are inline policies?
Policies that are creatable "inline" inside a role. Those inline policies won't be findable in the policies tab and won't be attachable to other roles
Should you use inline policies?
It's better to avoid using inline policies, just to facilitate their management
What visual tools can you use to generate policies? (2)
The visual editor integrated in the "create policy" page
The AWS Policy Generator
Is it possible to see what roles use a policy from the console, if so, how?
Yes, by looking at the "Policy usage" tab
Can custom IAM policies have versions?
Yes, you can view them in the "Policy version" tab of a policy
What does AWS STS stand for?
AWS Security Token Service
How to test if an IAM role can perform a certain action?
Some CLI cmds can be tested using the --dry-run flag
You can use the AWS IAM Policy Simulator
How to decode an encoded authorization message?
By running the following cmd:
aws sts decode-authorization-message --encoded-message XXXXXXXXXXXXXXXX
How to run an AWS CLI command using a specific profile?
By adding the following at the end of the command:
--profile profileName
Can you attach IAM roles to on-premise servers?
No, you can only attach roles to AWS resources
What is AWS EC2 Instance Metadata, and how to get it?
Info about the EC2 instance
By running
curl http://169.254.169.254/latest/meta-data
From the EC2 instance
Can you retrieve IAM policies from the meta-data of an EC2 instance?
No
Can you retrieve the IAM Role name from the meta data of an instance?
Yes
What is the user data of an EC2 instance?
The launch script of the EC2 instance
What to use if you want to perform actions on AWS directly from your applications?
Use the AWS SDK
What does SDK stand for?
Software Development Kit
What languages have an official AWS SDK?
Java .NET Node.JS PHP Python Go Ruby C++
What are the two other names of the AWS Python SDK?
boto3
botocore
What does the AWS CLI use under the hood?
The Python SDK (boto3)
What region will be used when using the SDK without specifying a region?
us-east-1
What is the default credential provider chain?
A way for the SDK to get the credentials to perform the actions it needs to do.
What does the default credential provider chain look for?
On your local PC: It looks for your credentials in ~/.aws/credentials
On an EC2 instance: It looks for Instance Profile Credentials using IAM Roles
It looks for environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
Where should your credentials NEVER be?
In your code
In your commits
What is exponential backoff?
A mechanism which most SDKs implement so that if an API request fails, it is going to double the time it waits before retrying the same request.