Sunday, February 12, 2023

AWS AUTHENTICATION

 

 

WHAT IS WEB IDENTITY ROLE?

Answer: 

Allows users federated entity access into your AWS EKS cluster using IAM role.


HOW DOES WEB IDENTITY WORK?

  • User obtains a temporary AWS credentials to sign in
  • The application is able to access resources using the IAM role, S3 Bucket and DynamoDB.
  • The EKS cluster then verifies the AWS credentials and the identity of the web provider and assume IAM role on behalf of the user.


WHAT DO YOU UNDERSTAND ABOUT THE BELOW:

IAM LEAST PRIVILEGE

Answer:

 Every organization implement least privilege by leveraging IAM   policies that allow minimal level of access adequate to perform a specific task. 

 For example: You give a user access to ONLY "read data" from an S3 buckets. 


FEDERATING:

Answer:

To Federate organization entities to AWS IAM, one can leverage  AWS identity provider and roles as well as connect into a corporate directory using AWS Single sign-on and then set-up that permission which manages IAM the roles. 


SINGLE-SIGN-ON (SSO): 

Answer:

With SSO, one can centrally manage access to multiple accounts or business applications. AWS SSO management console or AWS CLI can be used to set up and manage SSO environment. Below are the steps taken to configure SSO:


  • AWS SSO documentation
  • Set-up SSO
  • Create a domain
  • Add AWS account
  • What application are we accessing
  • Create a user domain
  • Test SSO


WHAT IS THE DIFFERENCE BETWEEN ROLES AND ROLE:

Answer:

ROLE: Is a single IAM entity authorization that is assumed by a  user or service. 

ROLES: Is the entire set of roles that exist within an AWS account.


LIST THE TYPES OF IAM POLICIES:

Answer:

  • Service control policies : 
  • Permission boundaries
  • Identity
  • Resource


WHAT DO YOU UNDERSTAND ABOUT SECURITY TOKEN SERVICE ( STS) ?

Answer:
STS ensures that users have access they need and only for the duration they need as it its timestamp. To secure the environment by implementing fine-grained controls. 

 WALK THROUGH ON HOW TO ACCESS STS?

STS- IS GLOBAL ACCESS: It can be access programatically not through the AWS CONSOLE SEARCH. 

AN STS will returns: Once you use the API actions 
Access key, secret key ,Session Token, Expiration .
"CREATE USER "- Programmatic access- no permission-create role-managed permission- Trust relationships-trust user- copy Arn of user- change the services- to AWS ARN- update trust policy- user can assume role (s3fullaccess)- 
$creds = (use-STSRole -Role arn of the trust)- it generate the STS temp of the credentials and I set expiration.  
i.e- You can have one principle and  multiple role achieving this. 



This is to guide beginners on what to expect during interviews. I will be posting more tips   ðŸ˜Š

For more interview tips, kindly click the link below.

Reference: https://docs.aws.amazon.com/iam/

https://emmie-questia.blogspot.com/2023/02/top-10-interview-questions-on-s3.html


at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

CONFIGURING A PHISHING CAMPAIGN IN MICROSOFT DEFENDER.

Configuring a phishing campaign in Microsoft Defender (specifically Microsoft Defender for Office 365) involves creating a simulated attack ...