Fatskills
Study Guide: Securing AWS Resources
Source: https://www.fatskills.com/aws-certified-solutions-architect-associate/chapter/securing-aws-resources

Securing AWS Resources

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.


1. How can you tell when you’re using the root account?
If you’re using the root account, you can open up billing from the AWS Management Console. In addition, if you use an email address and a password to log in to AWS, you are using the root account.

2. What is the best way to give an application secure access to AWS services?
The best way to provide an application secure access to AWS services is to create an IAM role and assign it to the application by adding the role to the EC2 server that hosts the application.

3. What is the advantage of using a resource policy instead of an identity-based policy to protect an S3 bucket?
The advantage of using a resource policy is that all the entities that need access to the resource must be named in the policy. With an identity-based policy, by contrast, the IAM user is not named in the policy; the policy is attached directly to the IAM user and thereby allows a level of access. That can work well, but consider the situation where an IAM policy is mistakenly attached to an IAM user and provides access. This situation could not occur with a resource policy, as each entity that requires access must be named within the policy.
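
Because a resource policy names its principals, the entities it grants access to can be listed from the policy document alone. The following Python sketch is an added example, not part of the original guide: it lists the principals named in the Allow statements of a bucket policy and flags wildcard grants. The sample policy, account ID, bucket and principal names are constructed, and Condition and NotPrincipal elements are not evaluated.

```python
import json

# Constructed sample bucket policy; account ID, names and bucket are placeholders.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadForApp", "Effect": "Allow",
         "Principal": {"AWS": ["arn:aws:iam::111122223333:role/app-role",
                               "arn:aws:iam::111122223333:user/alice"]},
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-bucket"},
        {"Sid": "DenyDelete", "Effect": "Deny", "Principal": "*",
         "Action": "s3:DeleteObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

def _as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def named_principals(policy_json):
    """Return {principal: sorted actions} across all Allow statements."""
    policy = json.loads(policy_json)
    grants = {}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements grant nothing
        principal = stmt.get("Principal", {})
        if principal == "*":
            names = ["*"]  # bare wildcard: anyone
        else:
            # Map of principal type -> one ARN or a list; {"AWS": "*"} also yields "*"
            names = [p for v in principal.values() for p in _as_list(v)]
        for name in names:
            grants.setdefault(name, set()).update(_as_list(stmt.get("Action", [])))
    return {name: sorted(actions) for name, actions in grants.items()}

def wildcard_grants(policy_json):
    """Actions granted to everyone rather than to a named entity."""
    return named_principals(policy_json).get("*", [])

if __name__ == "__main__":
    for name, actions in named_principals(SAMPLE_POLICY).items():
        print(name, actions)
```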

4. What is the best method for controlling access to AWS resources?
The best method for controlling access to AWS resources is through IAM roles. IAM roles provide temporary access to a resource. In addition, a role’s access keys are controlled by AWS Security Token Service. Finally, using IAM roles means you don’t have to create as many IAM users.

5. Why should in-line policies be discouraged in most cases?
In-line policies may serve a need, such as specifying that a specific IAM user will have access; the issue is documentation—that is, remembering what you may have done. Administrators must manage in-line policies differently because they are not shared with other entities.

6. Which tool can you use to check your policies for proper functionality?
You can use Policy Simulator to check your IAM policies when they are not working properly.

7. How can AWS Organizations help you manage multiple AWS accounts?
AWS Organizations helps you manage multiple AWS accounts in a treelike structure, which allows you to take advantage of consolidated billing and centralized security settings using service control policies.

8. What is required to run a script from the command-line interface?
To run a script from the command-line interface, you must first install the CLI appropriate to your operating system (Linux, Windows, or Mac). Next, you must have the access key and secret access key for the IAM user that you will be using to execute the script from the CLI. Finally, you must run the aws configure command and enter the region where you will be running the script, as well as your access keys.


