Security Flashcards
What is the AWS shared responsibility model
AWS controls security of the cloud and customers control security in the cloud
What is AWS Identity and Access Management (IAM)
enables you to manage access to AWS services and resources securely.
What is the AWS account root user
It has complete access to all the AWS services and resources in the account
What are the best practices for using the Root User account
-Do not use the root user for everyday tasks
-use the root user to create your first IAM user and assign it permissions to create other users.
-continue to create other IAM users, and access those identities for performing regular tasks throughout AWS
-Only use the root user when you need to perform a limited number of tasks that are only available to the root user
What is an IAM user
an identity that you create in AWS
What are the permissions associated by default when you create a new IAM user in AWS
no permissions associated with it.
What is the best practice when creating IAM users in AWS
create individual IAM users for each person who needs to access AWS
What is an IAM policy
a document that allows or denies permissions to AWS services and resources
What do IAM policies enable you to do
customize users’ levels of access to resources
What is the best practice when creating IAM policies
Follow the security principle of least privilege when granting permissions
What is an IAM group
a collection of IAM users
What occurs when you assign an IAM Policy to an IAM Group
all users in the group are granted permissions specified by the policy
What are IAM roles
an identity that you can assume to gain temporary access to permissions
What occurs when a user assumes an IAM role
they abandon all previous permissions that they had under a previous role and assume the permissions of the new role
What is the best practice when creating IAM Roles
ideal for situations in which access to services or resources needs to be granted temporarily, instead of long-term
What does multi-factor authentication (MFA) in IAM provide
an extra layer of security for your AWS account
What is the best practice for using MFA
enable MFA for the root user and all IAM users in your account