1
Q
IAM polices with resource level permissions
A
EC2: Create permissions for instances such as reboot, start, stop, or terminate based all the way down to the instances ID.
EBS Volumes: attach, Delete, Detach.
EC2 actions that are not one of these above are not governed by resource-level at this time.
2
Q
Additional security measures such as MFS authentication are also available when acting on certain resources
A
you can require MFS before an API request to delete an object within an S3 bucket.
Decks in class (31)
# Cards
-
Account/Physical Organization18
-
VPC15
-
EC231
-
Lambda3
-
CloudWatch/CloudTrail/SNS3
-
Advanced Networking17
-
Troubleshooting24
-
S316
-
Route 5311
-
VPN14
-
CLI1
-
Databases11
-
SQS4
-
API Gateway9
-
Monitoring15
-
Deployment Service5
-
Analytics16
-
EC2 Container Service12
-
How to Design CLoud Services and Best Pratice2
-
Monitoring your AWS environment3
-
Architectual Trad-off Decisions3
-
Elasticity & Saclability6
-
Shared Security Responsibility Model2
-
AWS Platform compliance and security services12
-
DDoS Mitigation2
-
Encryption solutions3
-
Complex Access COntrol2
-
Cloud Watch for the security Architect1
-
CloudHSM4
-
Disaster Recovery6
-
Review98
