In this post, I am going to share some quick tips, including Q&A and useful links from Day 3 of AWS Solution Architect Associate covering Module 2: Security Management in AWS.
We also covered hands-on Lab 5, Lab 7, Lab 8, and Lab 19 out of our 30+ extensive labs.
The previous week, in the Day 2 session, we covered creating an EC2 Windows machine, a Linux machine, and a web server.
Two weeks before, in the Day 1 session, we covered the Cloud Service Model, AWS Services, creating a FREE Tier account, and ways to access services.
Identity & Access Management (IAM)
AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources. IAM is a feature of your AWS account offered at no additional charge.
Q1. Is AWS IAM free?
Ans. IAM is a feature of your AWS account offered at no additional charge. You will be charged only for the use of other AWS services by your users. To get started using IAM, or if you have already registered with AWS, go to the AWS Management Console and get started with these IAM Best Practices.
Q2. What are the benefits of IAM?
Ans. The Benefits of IAM are –
- Improved security.
- Information sharing.
- Ease of use.
- Productivity gains.
- Reduced IT Costs.
Q3. What are the components of IAM?
Ans. Here are the components
Q4. How do I find my IAM role in AWS?
Ans. Under the AWS Management Console section, choose the role you want to view. On the Selected role page, under Manage users and groups for this role, you can view the users and groups assigned to the role.
AWS WAF
Q5. On which layer does AWS WAF work?
Ans. AWS WAF is a web application firewall (WAF) that helps you protect your websites and web applications against various attack vectors at the application layer (OSI Layer 7).
Q6. Is AWS WAF global or regional?
Ans. For a CloudFront distribution, AWS WAF is available globally, but you must use the Region US East (N. Virginia) for all of your work. You must create your web ACL using the Region US East (N. Virginia).
AWS Shield
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. When you use AWS Shield Standard with Amazon CloudFront and Amazon Route 53, you receive comprehensive availability protection against all known infrastructure (Layer 3 and 4) attacks.
Q7. What is the difference between AWS Shield and WAF?
Ans. AWS WAF is a firewall that can protect you from multiple types of attacks and provides various options for whitelisting. In contrast, AWS Shield is a single-purpose service: a managed Distributed Denial of Service (DDoS) protection tool for your AWS-based applications.
Q8. Is AWS Shield automatic?
Ans. AWS Shield Standard is automatically enabled for all AWS customers at no additional cost. AWS Shield Advanced provides additional protections against more sophisticated and larger attacks for your applications running on Amazon EC2, Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator, and Route 53.
AWS Key Management Service (KMS)
AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. AWS KMS is integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.
Q9. Does AWS have access to my KMS keys?
Ans. When you create a key in KMS, it is called a Customer Master Key, or CMK. The CMK is actually a data structure that contains your symmetric key and metadata about the key. The CMK is protected by an Amazon HSM key. The AWS Key Management Service provides encryption keys, and both you and Amazon have access to the key.
Q10. What is the maximum data size supported by AWS KMS?
Ans. The size limit is 4KB. If you want to digitally sign data larger than 4KB, you have the option to create a message digest of the data and send it to AWS KMS.
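The digest approach from Q10, as an added example that is not part of the training material: it builds the arguments for the KMS Sign call, sending payloads of up to 4096 bytes as they are and hashing larger ones locally. The helper names, the `FakeKms` stand-in and the key alias are assumptions made for illustration; a boto3 KMS client would take the stand-in's place.

```python
import hashlib

KMS_MAX_MESSAGE_BYTES = 4096  # the 4KB limit quoted in the answer above

# Hash implied by the suffix of a KMS signing algorithm name,
# e.g. RSASSA_PSS_SHA_256 or ECDSA_SHA_384.
_HASH_FOR_SUFFIX = {"SHA_256": "sha256", "SHA_384": "sha384", "SHA_512": "sha512"}


def digest_for(algorithm, chunks):
    """Hash an iterable of byte chunks with the hash the algorithm expects."""
    suffix = algorithm[-7:]
    if suffix not in _HASH_FOR_SUFFIX:
        raise ValueError(f"unsupported signing algorithm: {algorithm}")
    h = hashlib.new(_HASH_FOR_SUFFIX[suffix])
    for chunk in chunks:
        h.update(chunk)
    return h.digest()


def sign_request(key_id, data, algorithm="RSASSA_PSS_SHA_256"):
    """Build keyword arguments for the KMS Sign call for `data` (bytes)."""
    if len(data) <= KMS_MAX_MESSAGE_BYTES:
        message, message_type = data, "RAW"      # KMS hashes it for us
    else:
        # Too large to send: hash locally and tell KMS it is already a digest.
        message, message_type = digest_for(algorithm, [data]), "DIGEST"
    return {"KeyId": key_id, "Message": message,
            "MessageType": message_type, "SigningAlgorithm": algorithm}


class FakeKms:
    """Constructed stand-in for a KMS client so the example runs offline."""
    def __init__(self):
        self.calls = []

    def sign(self, **kwargs):
        if len(kwargs["Message"]) > KMS_MAX_MESSAGE_BYTES:
            raise ValueError("message exceeds 4096 bytes")
        self.calls.append(kwargs)
        return {"Signature": b"<constructed placeholder signature>"}


def sign(kms, key_id, data, algorithm="RSASSA_PSS_SHA_256"):
    """Send the request to the client and return the signature bytes."""
    return kms.sign(**sign_request(key_id, data, algorithm))["Signature"]


if __name__ == "__main__":
    kms = FakeKms()
    sign(kms, "alias/example-signing-key", b"x" * 10_000)  # hypothetical alias
    print(kms.calls[0]["MessageType"], len(kms.calls[0]["Message"]))
```

Whoever verifies the signature has to hash the data the same way and pass the same `MessageType` of `DIGEST` to the KMS Verify call.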
Quiz Time (Sample Exam Questions)!
With our AWS Solution Architect Associate training program, we cover 250+ sample exam questions to help you prepare for the certification SAA-C03.
Check out one of the questions and see if you can crack this…
Ques. Which of the following services can be used as a web application firewall in AWS?
A. AWS EC2
B. AWS WAF
C. AWS Firewall
D. AWS Protection
Comment your answer below in the comment box. The right answer will be revealed in next week's blog.
Here is the answer to the question shared last week.
Ques. Which AWS service or feature can be used to monitor CPU usage?
A. AWS CloudTrail
B. VPC Flow Logs
C. Amazon CloudWatch
D. AWS Config
Correct Answer: C
Explanation: Amazon CloudWatch is a monitoring and management service that provides data and actionable insights for AWS, hybrid, and on-premises applications and infrastructure resources.
Feedback
We always work on improving on the previous session and being the best version of ourselves, so we constantly ask our attendees for feedback.
Here is the feedback that we received from the trainees who attended the session…