Questions and Answers
IAM Roles are a more secure way to grant permissions compared to using access key IDs and secret access keys because roles do not have credentials; instead, __________ keys are created and provided dynamically
temporary
Role assumption is a mechanism primarily used for __________ access and functionality
cross-account
IAM Roles issue keys that are valid for __________ durations, making them a more secure way to grant access
short
IAM Roles can be assumed by anyone who needs them; they are not uniquely associated with one person or application, making them a flexible way to grant __________
Role assumption allows you to authenticate a user first, who has no permissions at all, and then assume a role inside an AWS account that has specific __________
IAM Roles provide a secure way to grant access to entities you trust, and they are much more secure than using __________ access key IDs and secret access keys
User user_siim cannot stop an EC2 instance, but it can assume the role ______, which is allowed to do that
All cross-account access is done using ______ tokens
Assumed roles are meant to be always ______ and do not have the same scope as an actual user
No need to share security ______
Control who has access. Example, EC2 instance: easy to manage access keys; automatic key rotation; AWS SDK/CLI fully ______
AWS Organizations is an account management service that enables consolidating multiple AWS accounts into an organization that can be created and centrally managed. AWS Organizations includes consolidated billing and account management capabilities that enable you to better meet the budgetary, security, and ______ needs of your business
CONTROL TOWER automates the setup of a new landing zone using best practices and blueprints for identity, federated access, and account structure. Some of the blueprints implemented on AWS Control Tower include: a multi-account environment using AWS Organizations; cross-account security audits using AWS Identity and Access Management (IAM) and AWS IAM Identity Center; identity management using the Identity Center default directory; centralized logging from AWS CloudTrail and AWS Config, stored in Amazon Simple Storage Service (Amazon S3). ORGANIZATION (SERVICE) CONTROL POLICIES enable you to control which AWS service APIs are accessible by _________ list of APIs.
Control policies are applied and invisible to all users in the child account, including the _________ account.
Guardrails are high-level rules that provide ongoing governance for your overall AWS environment. Guardrails can be either preventive or detective. Preventive guardrails are implemented using service control policies (SCPs), which are a part of AWS Organizations. Detective guardrails are implemented using AWS Config Rules and AWS Lambda functions. Guardrails help in ensuring _________ access and security.
Cross-account security audits using AWS Identity and Access Management (IAM) and AWS IAM Identity Center help in ensuring that only authorized entities have access to resources by implementing proper _________ and permissions.
Temporary access keys are often used for short-term access to resources and services. These keys are typically associated with specific _________ that define the scope of access.
Role assumption is a technique where one IAM role can temporarily take on the _________ of another role to perform specific actions.