Chapter 6 AWS

Create an IAM user and store the user name and password for the user in the application’s configuration.

Create an IAM user and store both parts of the access key for the user in the application’s configuration.

Run the application on an Amazon EC2 instance with an assigned IAM role

Make all the API calls over an SSL connection.

Service Name

Region

Action

Password

Change the password and add MFA to the root user.

Put an IP restriction on the root user.

Rotate keys and change passwords for IAM accounts.

Delete all IAM accounts.

Delete the administrator’s personal IAM account.

Relaunch all Amazon EC2 instances with new roles.

Installing ASP.NET on a Windows Server

Launching an Amazon Linux EC2 instance

Querying an Oracle database

Adding a message to an Amazon Simple Queue Service (Amazon SQS) queue

Password policies

Amazon DynamoDB global secondary indexes

MFA

Consolidated Billing

No policies are required.

Credentials do not need to be stored on the Amazon EC2 instance.

Key rotation is not necessary.

Integration with Active Directory is automatic.

Amazon EC2 roles

MFA

Root user

Federation

Add multi-factor authentication (MFA) to the accounts.

Limit logins to a particular U.S. state.

Implement a password policy on the AWS account.

Apply a source IP address condition to the policy that only grants permissions when the user is on the corporate network.

Add a CAPTCHA test to the accounts.

Create a new policy allowing EC2:* actions, and name the policy NetworkTeam.

Assign the managed policy, EC2FullAccess, to a group named NetworkTeam, and assign all the team members’ IAM user accounts to that group.

Create a new policy that grants EC2:* actions on all resources, and assign that policy to each individual’s IAM user account on the network team.

Create a NetworkTeam IAM group, and have each team member log in to the AWS Management Console using the user name/password for the group.