Security Token Service Flashcards
What does STS stand for?
Security Token Service
What does STS do?
Grants users limited and temporary access to AWS resources.
From which sources can users take advantage of STS and gain access to AWS resources?
Federation (typically Active Directory)
Federation with Mobile Apps (Facebook, Google, etc)
Cross-account access
For Federation logon, which SSO protocol is used?
SAML (Security Assertion Markup Language)
For Federation logon, what is accessed based on?
Active Directory credentials
For Active Directory users, is an IAM account required?
No
For login via federation with mobile apps, which standard is used for login?
OpenID
What is Cross-account access?
Allows users from other AWS accounts access into another AWS account’s resources.
What is Federation?
Combining, or joining a list of users from one domain, to a list of users in another.
What is an identity broker?
A service that allows you to take an identity from point A and join it (federate it) to point B.
What is an identity store?
Service like Active Directoyy, Facebook, Google, etc.
What are identities?
A user of a service like Facebook, etc.
True or false: When using STS, the application bypasses its own authentication mechanism and uses AWS STS?
False: The idenity broker is always called first.
What must an idenity broker provide AWS STS in order to grant a user AWS resources?
An IAM policy
A duration (1 - 36 hours)
permissions to be granted
What does STS provide back to the identity broker?
- Permission to create a token
- access key
- secret access key
- Token
- A token duration
