Security Token Service Flashcards

1
Q

Security Token Service

A

Allows you to grant a trusted user temporary and controlled access to AWS resources.
Temporary credentials consist of an access key and a session token. Users come from 3 sources: Federation (typically Active Directory);
Federation with Mobile Apps (Google, Facebook, OpenID to log in);
Cross-Account Access: lets users from one AWS account access resources in another.

2
Q

Federation

A

Creates a trust relationship between an identity provider and AWS.
Users can sign in to an identity provider such as Amazon, Facebook, Google, etc.

3
Q

Identity Broker

A

Is in charge of mapping the user to the right set of credentials.

4
Q

Identity Store

A

Facebook, Google, Amazon, etc.

5
Q

Identity

A

A user or identity within an identity store.

6
Q

Temporary Credentials with EC2

A

Assign an IAM role to the EC2 instance.
The AWS SDKs/CLI automatically get temporary security credentials from the instance metadata.
You do not have to explicitly get credentials.

7
Q

Temporary Credentials with AWS SDKs

A

§ Call the AWS STS API (AssumeRole) from your code
§ Extract the credentials and session token, and use those values for future calls to AWS
§ Make sure you renew credentials before the old ones expire (some SDKs do this for you)

8
Q

Temporary Credentials with APIs

A

§ Sign requests with the temporary security credentials that you get from AWS STS
§ Use the access key ID and secret access key, and add your session token to the API request
– Add the session token to an HTTP header
– OR add it to a query string parameter named X-AMZ-Security-Token

9
Q

A corporate web application is deployed within an Amazon VPC and is connected to the corporate data center via IPsec VPN. The application must authenticate against the on-premises LDAP server. Once authenticated, logged-in users can only access an S3 keyspace specific to the user.

A

Solution:
§ Develop an identity broker to authenticate against LDAP
§ The identity broker calls the STS API to receive temporary credentials
§ The application can then use the temporary credentials to access AWS with the permissions they carry

10
Q

Active Directory Federation

A

Authenticate through SAML and AD first, then sign in to AWS using the AssumeRoleWithSAML API.
