Security Flashcards
Shared responsibility model
Customer responsibility: security IN the cloud (your data, IAM configuration, guest OS patching, network and firewall settings, encryption choices)
AWS responsibility: security OF the cloud (physical facilities, hardware, networking, the hypervisor, and the software of managed services)
AWS Identity and Access Management (IAM)
Manages access to AWS services and resources
Configure access based on your needs
AWS account root user
Accessed by signing in with the email address and password used to create the AWS account
Has complete, unrestricted access to all services and resources in the account, and its permissions cannot be limited by IAM policies
Use the root user only to create your first IAM user (with permission to create other users), then stop using root for day-to-day work: enable MFA on it and do not create root access keys
IAM user
An identity you create in AWS; consists of a name and credentials (a console password and/or programmatic access keys)
By default it has no permissions, you must grant the user permissions
Recommended to create individual IAM users for each person who needs to access AWS
This provides security by allowing each user to have a unique set of security credentials
IAM policies
A JSON document that allows or denies permissions to AWS services and resources
Enables you to customize a user's level of access to resources
Evaluation logic: everything is denied by default, an action needs an explicit Allow, and an explicit Deny always overrides an Allow
Follow the security principle of least privilege when granting permissions
IAM groups
Collection of IAM users
When you assign a policy to a group, all users in that group are granted permissions specified by the policy
IAM roles
An identity you can assume to gain temporary access to a set of permissions (temporary credentials rather than long-lived access keys)
When someone assumes a role, the temporary credentials they receive carry only the role's permissions; requests made with those credentials do not use the caller's own permissions
AWS Organizations
Consolidates and manages multiple AWS accounts within a central location
Service control policies
Centrally control permissions for the accounts in your org
A service control policy (SCP) defines a guardrail, or sets limits, on the actions that the account's administrator can delegate to the IAM users and roles
An SCP never grants permissions on its own: effective permissions are the intersection of the SCPs and the identity's own IAM policies
You can apply SCPs to the organization root, an individual member account, or an organizational unit (OU); SCPs do not affect the management account
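The following is an added example, not part of the flashcards or any AWS code: a small Python model of how an identity-based IAM policy and service control policies combine, covering both the policy evaluation rules above (default deny, explicit Allow required, explicit Deny wins) and the SCP guardrail behaviour (an SCP only bounds what the account may do; it never grants). The policy documents, bucket name, trail ARN and account ID are constructed for illustration; matching supports only the `*` and `?` wildcards, not conditions, principals or resource-based policies.

```python
# Added example, not from the flashcards: a minimal model of how AWS evaluates
# an identity-based policy together with service control policies (SCPs).
# Rules modelled: everything is denied by default, an explicit Allow is
# required, an explicit Deny in any applicable policy wins, and SCPs only
# bound what the account may do (they never grant). All names below are
# constructed; matching supports only '*' and '?' wildcards.
from fnmatch import fnmatchcase


def _as_list(value):
    """IAM accepts a single string or a list in Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def _statement_applies(statement, action, resource):
    """True when the statement's Action and Resource patterns cover the request."""
    actions = _as_list(statement.get("Action", []))
    resources = _as_list(statement.get("Resource", "*"))
    return (any(fnmatchcase(action, pattern) for pattern in actions)
            and any(fnmatchcase(resource, pattern) for pattern in resources))


def evaluate(policy, action, resource):
    """Decision for one policy document: 'Deny', 'Allow' or 'ImplicitDeny'."""
    decision = "ImplicitDeny"
    for statement in _as_list(policy.get("Statement", [])):
        if not _statement_applies(statement, action, resource):
            continue
        if statement["Effect"] == "Deny":
            return "Deny"  # an explicit deny overrides any allow
        decision = "Allow"
    return decision


def is_allowed(identity_policy, action, resource, scps=()):
    """Effective decision. Each entry in scps stands for the effective SCP at one
    level of the org hierarchy, and every level must allow the action (an SCP
    that does not mention it denies it); the identity policy must allow it too."""
    if any(evaluate(scp, action, resource) != "Allow" for scp in scps):
        return False
    return evaluate(identity_policy, action, resource) == "Allow"


# Constructed sample documents (not real account policies).
REPORT_READER = {  # least-privilege IAM user policy
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-reports",
                      "arn:aws:s3:::example-reports/*"]},
        {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
    ],
}
ADMINISTRATOR = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"},
}
GUARDRAIL_SCP = {  # allow everything except disabling audit logging or leaving the org
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                    "organizations:LeaveOrganization"],
         "Resource": "*"},
    ],
}

REPORT = "arn:aws:s3:::example-reports/2024/q1.csv"                    # constructed
TRAIL = "arn:aws:cloudtrail:us-east-1:123456789012:trail/org-trail"    # constructed

if __name__ == "__main__":
    checks = [
        ("reader reads a report", is_allowed(REPORT_READER, "s3:GetObject", REPORT)),
        ("reader uploads (never granted)", is_allowed(REPORT_READER, "s3:PutObject", REPORT)),
        ("reader deletes (explicit deny)", is_allowed(REPORT_READER, "s3:DeleteObject", REPORT)),
        ("admin starts an instance under SCP",
         is_allowed(ADMINISTRATOR, "ec2:StartInstances", "*", [GUARDRAIL_SCP])),
        ("admin stops CloudTrail under SCP",
         is_allowed(ADMINISTRATOR, "cloudtrail:StopLogging", TRAIL, [GUARDRAIL_SCP])),
        ("empty identity policy, SCP alone",
         is_allowed({"Statement": []}, "ec2:StartInstances", "*", [GUARDRAIL_SCP])),
    ]
    for label, allowed in checks:
        print(f"{label}: {'ALLOW' if allowed else 'DENY'}")
```

The last two checks are the ones worth remembering: the account administrator with `"Action": "*"` still cannot stop CloudTrail because the SCP denies it, and an identity with no policy gets nothing even though the SCP says `Allow *`, because an SCP is a boundary, not a grant.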
AWS Artifact
provides on-demand access to AWS security and compliance reports
AWS Artifact Agreements
You can review, accept, and manage agreements for an individual account and for all your accounts in AWS Organizations
Different types of agreements are offered to address the needs of customers who are subject to specific regulations
e.g. the Business Associate Addendum (BAA) for customers subject to HIPAA
AWS Artifact Reports
Provides compliance reports from third-party auditors (e.g. SOC and PCI DSS reports)
Auditors have tested and verified that AWS is compliant with a variety of global, regional, and industry-specific standards and regulations
You can provide these audit artifacts to your auditor as evidence of AWS security controls
Customer Compliance Center
Contains resources to help you learn more about AWS compliance
Access compliance whitepapers and documentation
Distributed denial of service attack
Attack on your enterprise infrastructure that aims at availability rather than data
Overwhelms your application so that it cannot serve legitimate users
Bad actor floods your capacity (bandwidth, connections, or compute) to deny anyone your services
The attack is distributed: it leverages many other machines around the internet, typically a botnet of compromised hosts, so no single source can simply be blocked
UDP Flood
Bad actor sends requests to a public UDP service (e.g. an API that returns weather data) with the source address spoofed to be your server's, so the service's replies are sent to you; your system gets bogged down handling responses to requests it never made (a reflection attack)
Solution: security groups - they are stateful and deny by default, so only explicitly allowed request traffic (and replies to requests your instance actually sent) gets through; unsolicited UDP replies are dropped
Caveat: a security group drops the packets at the instance but does not stop them consuming your network bandwidth first; volumetric floods are absorbed at the AWS edge by AWS Shield (Standard is on for every customer at no extra cost)
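The following is an added example, not part of the flashcards or any AWS code: a toy Python model of a stateful, deny-by-default security group, run over a few constructed packets to show why the reflected UDP replies described above never reach the application. The instance address, resolver address, client addresses and ports are all constructed (RFC 5737 documentation ranges); the model has allow-list rules only and tracks flows by 5-tuple, which is a simplification of the real connection tracking.

```python
# Added example, not from the flashcards: a toy model of a stateful,
# deny-by-default security group. Inbound rules list only the request
# traffic the instance should serve; replies to connections the instance
# itself opened are tracked and let back in; everything else, including
# the unsolicited UDP replies a reflection attack aims at you, is dropped.
# All addresses, ports and packets below are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class SecurityGroup:
    """Rules are (proto, port, cidr) allow-list entries; there are no deny rules."""

    def __init__(self, inbound_rules, outbound_rules):
        self.inbound_rules = list(inbound_rules)
        self.outbound_rules = list(outbound_rules)
        self._tracked = set()  # flows the instance initiated, keyed from its point of view

    @staticmethod
    def _permitted(rules, proto, port, peer_ip):
        return any(r_proto == proto and r_port == port
                   and ip_address(peer_ip) in ip_network(cidr)
                   for r_proto, r_port, cidr in rules)

    def send(self, pkt):
        """Packet leaving the instance: egress rules apply, then the flow is remembered."""
        if not self._permitted(self.outbound_rules, pkt.proto, pkt.dst_port, pkt.dst_ip):
            return "DROP"
        self._tracked.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return "ALLOW"

    def receive(self, pkt):
        """Packet arriving at the instance: a reply to a tracked flow is allowed
        regardless of inbound rules; anything else must match an inbound rule."""
        if (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self._tracked:
            return "ALLOW"
        if self._permitted(self.inbound_rules, pkt.proto, pkt.dst_port, pkt.src_ip):
            return "ALLOW"
        return "DROP"


INSTANCE = "10.0.1.5"   # constructed: the web server's private address
RESOLVER = "10.0.0.2"   # constructed: the VPC DNS resolver


def simulate():
    """Run constructed packets through a web-server security group and
    return the decision for each scenario."""
    sg = SecurityGroup(
        inbound_rules=[("tcp", 443, "0.0.0.0/0")],        # serve HTTPS to anyone
        outbound_rules=[("udp", 53, "10.0.0.2/32"),      # DNS only to our resolver
                        ("tcp", 443, "0.0.0.0/0")],      # outbound HTTPS
    )
    results = {}
    # a legitimate client opens an HTTPS connection: matches the inbound rule
    results["https_request"] = sg.receive(Packet("tcp", "203.0.113.9", 51000, INSTANCE, 443))
    # the instance asks the resolver a question, then gets the answer back
    results["dns_query"] = sg.send(Packet("udp", INSTANCE, 40001, RESOLVER, 53))
    results["dns_reply"] = sg.receive(Packet("udp", RESOLVER, 53, INSTANCE, 40001))
    # reflection: an attacker spoofed our address when querying a public UDP
    # service, so its reply lands here, but no matching flow was ever tracked
    results["reflected_reply"] = sg.receive(Packet("udp", "198.51.100.7", 53, INSTANCE, 40002))
    # a direct UDP flood at a port we never opened is dropped the same way
    results["udp_flood"] = sg.receive(Packet("udp", "198.51.100.8", 9999, INSTANCE, 80))
    return results


if __name__ == "__main__":
    for name, decision in simulate().items():
        print(f"{name:16} {decision}")
```

The point of the two `dns_*` lines is the stateful part: the reply from the resolver is allowed even though no inbound rule mentions UDP 53, because the instance initiated that flow, while the reflected reply with the same source port but no tracked flow is dropped. What the model cannot show is bandwidth: those dropped packets still crossed the link, which is why volumetric floods are dealt with upstream of the instance.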