What is the main benefit of multi factor authorization (MFA)?
If a password is stolen or hacked, the account is not compromised
What are the MFA devices option in AWS?
- Virtual MFA device (support for multiple tokens on a single device)
- UF2 Universal 2nd Factor Security Key (support for multiple root and IAM users using a single security key)
- Hardware Key Fob (3rd Party)
- Hardware Key Fob for AWS GovCloud (3rd party)
Should you share Access Keys?
No. AK are secret, just like a password. Because colleagues can generate their own AK as well.
How can users access AWS?
- AWS Management Console (protected by password + MFA)
- AWS Command Line Interface (CLI) (protected by access keys)
- AWS Software Developer Kit (SDK) (for code. Protected by access keys)
What can you do with AWS CLI?
- Direct access to the public APIs of AWS services
- Develop scripts to manage your resources
- It’s open-source
- Alternate to using AWS Management Console
What is AWS CLI?
A tool that enables you to interact with AWS services using commands in your command-line shell
What is AWS SDK?
A tool that enables you to access and manage AWS services programmatically
What is an API?
Mechanisms that enable two software components to communicate with each other using a set of definitions and protocols.
What does API stand for?
Application Programming Interface
What is AWS CloudShell?
A browser based, pre authenticated shell that you can launch directly from the AWS Management Console.
What is an IAM role?
A secure way to grant permissions to entities that you trust
What are common IAM Roles?
- EC2 Instance Roles
- Lambda Function Roles
- Roles for CloudFormation
What security tools can you use in IAM?
- IAM Credentials Report (account-level)
* IAM Access Advisor (user-level)
What is IAM Credentials Report?
Audits all users
What is IAM Access Advisor?
Audits specific users
Never share ___ users or ______ Keys
IAM - Access
What security tool should you use to audit permissions of your account?
IAM Credentials Report
Use ______ ____ for Programmatic Access (CLI/SDK)
Access Keys
Create and use _____ for giving permissions to AWS services
Roles
Don’t use the ____ _______ except for AWS account setup
Root account
Assign users to ______ and assign ___________ to groups
Groups - Permissions
What are IAM Policies?
JSON documents that outlines permissions for users or groups
Roles are given to..
EC2 instances or AWS services
Groups contain _____ only.
Users
-
Getting started w/ AWS1
-
IAM & AWS CLI29
-
EC2 Fundamentals57
-
EC2 - Solutions Architect Associate Level51
-
EC2 Instance Storage59
-
High Availability & Scalability: ELB & ASG85
-
AWS Fundamentals: RDS + Aurora + Elasticache55
-
Route 5335
-
Solutions Architecture Discussions Overview33
-
Amazon S3 Introduction28
-
AWS SDK, IAM Roles & Policies13
-
Advanced Amazon S3 & Athena47
-
CloudFront & AWS Global Accelerator30
-
AWS Storage Extras9
-
Serverless Overviews from a Solution Architect Perspective49
