Security Flashcards
What controls access to AWS services?
Identity and Access Management (IAM)
How do you get to IAM?
https://console.aws.amazon.com/iam
What is a subset of a group?
user
What is a role made up of?
policies
What can assume a role?
a process
What gives a service access?
a role
Do you have to create roles for all services?
No. Sometimes they are created automatically.
What are the steps to creating a role for Lambda functions?
IAM > Roles > Create Role > Highlight AWS service > highlight Lambda > click Next: Permissions
When creating a user, what are the two types of access a user can have?
programmatic access and AWS Management Console access
What are the two types of pools Cognito offers?
user pools and identity pools
Which Cognito pool allows people access without a login?
identity pool
In which Cognito pool are accounts created on AWS via your app or your website?
user pool
How do you get to Cognito?
Console > Security > Cognito
How do you create a user pool in Cognito?
Click on Cognito and then click Manage User Pools
How do you manage identity pools through the mobile hub?
Select if you want to allow access from Facebook, Google, and Amazon.
Cognito > create identity pool: Why would you enable access to unauthenticated identities?
Because some apps allow people access without requiring them to log in.
Cognito > create identity pool > unauthenticated identities: How do you create options for SAML or OpenID?
AWS IAM console hyperlink > create provider
Cognito > create identity pool > unauthenticated identities > AWS IAM console hyperlink > create provider > select SAML for provider type: How do you enable the metadata document?
Go to the SAML identity provider service and register AWS with it. Then, get the document.