AWS Accounts and Security Fundamentals

These flashcards cover essential concepts related to AWS accounts, security frameworks, MFA, and IAM.

What is an AWS account?

An AWS account is fundamentally a container for identities (users) and AWS resources.

What are the key components of an AWS account?

Identities (users) and resources (services and infrastructure provisioned inside the account).

What is required to create a new AWS account?

Account Name, a unique email address, and a payment method.

What is the role of the account root user in AWS?

The root user has full control over its associated AWS account and cannot be restricted in terms of permissions.

What are the risks associated with the AWS account root user?

If compromised, the root user can lead to complete deletion of resources within the account.

How does AWS billing work?

AWS operates on a pay-as-you-consume model, charging for services based on actual usage.

What is the default security stance of AWS accounts?

By default, all access to an AWS account is denied unless explicitly allowed.

What does Identity and Access Management (IAM) allow users to do?

IAM allows the creation of additional identities, such as IAM users, groups, and roles.

What is the least privilege principle in IAM?

Only the permissions needed for specific tasks should be granted to identities.

What are IAM policies?

Policy documents that define permissions (allow or deny) for AWS resources when attached to IAM identities.

What is Multifactor Authentication (MFA)?

A security measure requiring multiple forms of identity verification to enhance account security.

What are the factors involved in Multifactor Authentication?

Knowledge (something you know), possession (something you have), inherent (something you are), and location (where you are).

What is the importance of rotating IAM access keys?

Rotating access keys helps maintain security, minimizing the risk of credential leaks.

What are AWS access keys?

Access keys are long-term credentials used to authenticate to AWS services via the command line or APIs.

What does it mean to have least privileged access in AWS?

Granting only the permissions necessary for users to perform their specific tasks.