Security Flashcards
What is the shared responsibility model?
The shared responsibility model divides into customer responsibilities (commonly referred to as “security in the cloud”) and AWS responsibilities (commonly referred to as “security of the cloud”).
You can think of this model as being similar to the division of responsibilities between a homeowner and a homebuilder. The builder (AWS) is responsible for constructing your house and ensuring that it is solidly built. As the homeowner (the customer), it is your responsibility to secure everything in the house by ensuring that the doors are closed and locked.
What are customers responsible for in the shared responsibility model?
Customers are responsible for the security of everything that they create and put in the AWS Cloud.
When using AWS services, you, the customer, maintain complete control over your content. You are responsible for managing security requirements for your content, including which content you choose to store on AWS, which AWS services you use, and who has access to that content. You also control how access rights are granted, managed, and revoked.
What is AWS responsible for in the shared responsibility model?
AWS is responsible for security of the cloud.
AWS operates, manages, and controls the components at all layers of infrastructure. This includes areas such as the host operating system, the virtualization layer, and even the physical security of the data centers from which services operate.
AWS is responsible for protecting the global infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure includes AWS Regions, Availability Zones, and edge locations.
AWS manages the security of the cloud, specifically the physical infrastructure that hosts your resources, which includes:
Physical security of data centers
Hardware and software infrastructure
Network infrastructure
What is the first user role/identity when you create an AWS account?
Root User
What is an IAM Policy?
An IAM policy is a document that allows or denies permissions to AWS services and resources.
IAM policies enable you to customize users’ levels of access to resources.
What is the security principle “least privilege”?
Follow the security principle of least privilege when granting permissions.
By following this principle, you help to prevent users or roles from having more permissions than needed to perform their tasks.
For example, if an employee needs access to only a specific bucket, specify the bucket in the IAM policy. Do this instead of granting the employee access to all of the buckets in your AWS account.
What is an IAM Group?
An IAM group is a collection of IAM users. When you assign an IAM policy to a group, all users in the group are granted permissions specified by the policy.
When should an IAM role be used?
IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily, instead of long-term.
As a best practice, what should be enabled for all root users and IAM users?
Multi-Factor Authentication (MFA)
What does AWS Organizations do?
You can use AWS Organizations to consolidate and manage multiple AWS accounts within a central location.
What are Service Control Policies?
SCPs enable you to place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access.
Which identities and resources can SCPs be applied to?
In AWS Organizations, you can apply service control policies (SCPs) to the organization root, an individual member account, or an OU.
What is AWS Artifact?
AWS Artifact is a service that provides on-demand access to AWS security and compliance reports and select online agreements.
AWS Artifact consists of two main sections. What are they?
AWS Artifact Agreements and AWS Artifact Reports.
What AWS service protects against DDoS attacks?
AWS Shield