Security Flashcards
Security: CLI Access
Access AWS services by command line

Security CLI Access: Use (3)
- Automation
- Running scripts
- Direct resource access

Security: Access keys
Key ID and secret key pair created for CLI access

Security: SDK
Language-specific APIs for application access

Security SDK: Systems supported (3)
- Programming languages (like JS, Python, .NET)
- Mobile SDKs
- IoT SDKs

Security: CloudShell
Browser-based shell that includes preloaded tools

CloudShell: File management
Can upload, edit, and download files

CloudShell: Default region
The current region you are browsing

Security: Shared Responsibility Model
Both AWS and the customer have security and compliance responsibilities

AWS Responsibility: Employees
Access and training for Amazon employees

AWS Responsibility: Physical
Data centers, hardware, and network

AWS Responsibility: Updates
Patching of cloud infrastructure and services

Customer Responsibility: Users (2)
- Training
- Least privilege access

Customer Responsibility: Data
Security and encryption of data and code

Customer Responsibility: Configuration
OS, network, and firewall

Customer Responsibility: Updates
Patching guest OS and custom applications

Compliance: Artifact
Self-service access to AWS agreements and compliance reports

Compliance: GuardDuty
Monitors accounts and workloads for malicious activity

Security: Cognito
Provides user sign-up, sign-in, and access control for custom applications

Security: Federation
Can federate with social and enterprise identity providers

Security: Network ACL
Security controls at the subnet level in a VPC

Network ACL: Traffic control
May allow or deny traffic based on conditions

Network ACL: Default ACL
Allows all traffic

Security: VPN
Encrypted tunnel over the Internet into a VPC

VPN: Endpoint options (2)
- Datacenter
- Individual clients

VPN: Service types
Site-to-site or client

Security: Shield
Managed detection and mitigation of DDoS attacks

Security: Macie
Data leakage protection powered by ML