Security Flashcards
What is the shared responsibility model?
AWS is responsible for security OF the cloud: physical facilities, hardware, network, and the hypervisor.
Customers are responsible for security IN the cloud: their data, applications, guest OS, and identity/access configuration.
What does security of the cloud consist of?
AWS secures the foundation services and the infrastructure beneath them: compute, storage, databases, networking, data centers, and the global infrastructure.
What does security in the cloud consist of?
The customer's side: workloads, platform, applications, identity and access management, guest OS, network and firewall configuration, client-side encryption, server-side encryption, and protection of network traffic (encryption in transit).
What is the root user?
The identity created with every AWS account; it can do anything and control any resource in that account. IAM policies cannot restrict it (an SCP can, in a member account). Protect it with MFA and do not use it for day-to-day work.
What is AWS IAM?
Identity and Access Management: the service for creating identities (users, groups, roles) and granting them permissions through policies.
What is the default access for a new IAM user?
None. A new user has no permissions (and no console password or access keys until you create them). Every permission must be granted explicitly by a policy; anything not allowed is implicitly denied.
What is the principle of least privilege?
An identity is granted only the permissions it needs for its task, and nothing more.
What is an IAM policy?
A JSON document whose statements describe which API calls an identity can or cannot make, and on which resources.
Fields in an IAM policy statement:
Effect: Allow or Deny
Action: the AWS API action(s), written as service:Operation (e.g. s3:GetObject); wildcards are allowed
Resource: the ARN(s) the statement applies to
Condition (optional): extra requirements such as source IP range or MFA present
Evaluation: an explicit Deny always overrides an Allow; if no statement matches, the request is implicitly denied.
What are IAM groups?
Collections of IAM users. A policy attached to the group applies to every member, so users doing the same job get the same permissions.
What are roles?
Identities with attached permissions that are not tied to one person. A role is assumed temporarily and returns short-lived credentials (via STS) instead of long-term access keys.
Who can assume a role?
IAM users, AWS services (e.g. EC2 instances, Lambda functions), applications, and identities in other accounts, as permitted by the role's trust policy.
What are AWS Organizations used for?
This is a central location to manage multiple AWS accounts.
- manage billing
- control access
- control compliance
- control security
- share resources across AWS accounts
Features of AWS Organizations
- centralized management of all AWS accounts
- consolidated billing + bulk discounts
- accounts can be grouped hierarchically - into Organizational Units
- control over AWS services and API action access
What is an SCP?
Service Control Policy
- sets the maximum permissions available to IAM users and roles in a member account (including that account's root user); it never grants permissions by itself
- restricts which services, resources and API actions can be used; a request must be allowed by both the SCP and the identity's IAM policy to succeed
- does not affect the management account
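Worked example for the IAM policy fields above and for how an SCP caps them. This is an added illustration, not part of the original flashcards or of any AWS tooling: a deliberately simplified evaluator that handles Effect, Action and Resource with IAM-style wildcards, applies explicit-deny-wins and implicit deny, and intersects an SCP with an identity policy for member accounts. Condition, NotAction, NotResource and Principal are not modeled. The bucket name and policy statements are constructed for the example.

```python
import fnmatch
import json

# Constructed example identity policy (assumption for this illustration, not real account data):
# least-privilege read access to one bucket, an explicit deny on a sensitive prefix,
# plus one IAM action so the SCP interaction below has something to block.
IDENTITY_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"]
    },
    {
      "Effect": "Deny",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-reports/secrets/*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:CreateUser",
      "Resource": "*"
    }
  ]
}
""")

# Constructed example SCP: allow everything, then carve out denies. In a member account the
# deny applies to every principal, root user included; the management account is unaffected.
SCP = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny",
     "Action": ["iam:CreateUser", "organizations:LeaveOrganization"],
     "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """Policy fields accept either a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, casefold):
    """IAM-style wildcard match: '*' matches any run of characters, '?' exactly one."""
    if casefold:
        value = value.lower()
    for pattern in _as_list(patterns):
        if fnmatch.fnmatchcase(value, pattern.lower() if casefold else pattern):
            return True
    return False


def evaluate_policy(policy, action, resource):
    """Return 'Deny', 'Allow', or None (no matching statement, i.e. implicit deny)."""
    decision = None
    for stmt in policy["Statement"]:
        # Action names are case-insensitive; resource ARNs are case-sensitive.
        if not _matches(stmt["Action"], action, casefold=True):
            continue
        if not _matches(stmt["Resource"], resource, casefold=False):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny overrides any allow
        decision = "Allow"
    return decision


def is_allowed(action, resource, identity_policy, scp=None, management_account=False):
    """Effective decision for an IAM user or role.

    In a member account the request must be allowed by the SCP AND by the identity policy.
    The SCP never grants anything on its own and does not apply to the management account.
    """
    if scp is not None and not management_account:
        if evaluate_policy(scp, action, resource) != "Allow":
            return False
    return evaluate_policy(identity_policy, action, resource) == "Allow"


if __name__ == "__main__":
    checks = [
        ("s3:GetObject", "arn:aws:s3:::example-reports/2024/q1.csv"),
        ("s3:GetObject", "arn:aws:s3:::example-reports/secrets/db.txt"),
        ("s3:PutObject", "arn:aws:s3:::example-reports/2024/q1.csv"),
        ("iam:CreateUser", "*"),
    ]
    for action, resource in checks:
        member = is_allowed(action, resource, IDENTITY_POLICY, SCP)
        mgmt = is_allowed(action, resource, IDENTITY_POLICY, SCP, management_account=True)
        print(f"{action:15} {resource:48} member={member} mgmt={mgmt}")
```

The last check is the one to study: iam:CreateUser is allowed by the identity policy, yet in a member account the SCP deny makes it fail, while the same identity in the management account succeeds because SCPs do not apply there. The secrets prefix shows explicit deny beating a broader allow, and s3:PutObject shows the implicit deny that applies to any action no statement mentions.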