This service provides you with cost-efficient and resizable capacity while automating time-consuming administration tasks.
What are the native AWS Security logging capabilities?
Most AWS services have their own logging options. Some also provide account-level logging, such as AWS CloudTrail, AWS Config, and others. Let's take a look at two services specifically:
AWS CloudTrail is a service that provides a history of the AWS API calls for every account. It lets you perform security analysis, resource change tracking, and compliance auditing of your AWS environment as well. The best part about this service is that you can configure it to send notifications via AWS SNS when new logs are delivered.
AWS Config helps you understand the configuration changes that happen in your environment. This service provides an AWS inventory that includes configuration history, configuration change notification, and relationships between AWS resources. It can also be configured to send information via AWS SNS when new logs are delivered.
6 What are policies and what are the different types of policies?
Policies define the permissions required to execute an operation irrespective of the method used to perform it. AWS supports six types of policies:
1- Identity-based policies: These are JSON permissions policy documents that control what actions an identity can perform, under what conditions, and on which resources. These policies are further classified into 2 categories:
- Managed policies: These are standalone identity-based policies that can be attached to different users and groups in your AWS environment.
- Inline policies: These policies are directly attached to a single user, group, or role. In situations where inline policies are used, a strict one-to-one relationship between a policy and an identity is maintained.
2- Resource-based policies: These policies are attached to a resource such as an Amazon S3 bucket. They define which actions can be performed on the particular resource and under what circumstances.
3- IAM permissions boundaries: These set the maximum level of permissions that identity-based policies can grant to the specific entity.
4- Service Control Policies (SCPs): SCPs set the maximum level of permissions for an organization or organizational unit.
5- Access control lists: They define and control which principals in another AWS account can access the particular resource.
6- Session policies: They are advanced policies that are passed as a parameter when a temporary session is programmatically created for a role or federated user.
7 Can you take a backup of EFS like EBS, and if yes, how?
Yes, you can use the EFS-to-EFS backup solution to recover from unintended changes or deletion in Amazon EFS. Follow these steps:
3 What is the difference between stopping and terminating an EC2 instance?
While you may think that both stopping and terminating are the same, there is a difference. When you stop an EC2 instance, it performs a normal shutdown on the instance and moves to a stopped state. However, when you terminate the instance, it is transferred to a stopped state, and the EBS volumes attached to it are deleted and can never be recovered.