DOCSLIB.ORG

Amazon General Reference Reference Guide Version 1.0 Amazon General Reference Reference Guide

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Amazon General Reference Reference Guide Version 1.0 Amazon General Reference Reference Guide Amazon General Reference Reference guide Version 1.0 Amazon General Reference Reference guide Amazon General Reference: Reference guide Amazon General Reference Reference guide Table of Contents Amazon General Reference .................................................................................................................. 1 Amazon security credentials ................................................................................................................ 2 Amazon users ............................................................................................................................ 2 Tasks that require root user credentials ................................................................................. 3 Amazon credentials .................................................................................................................... 3 Console access ................................................................................................................... 4 Programmatic access .......................................................................................................... 5 Temporary access keys ........................................................................................................ 6 Amazon account identifiers ......................................................................................................... 6 Finding your Amazon account ID .......................................................................................... 7 Best practices for managing Amazon access keys ........................................................................... 7 Protect or don't create your root user access key .................................................................... 8 Manage access keys for IAM users ........................................................................................ 8 Use IAM roles instead of long-term access keys ...................................................................... 9 Access the mobile app using Amazon access keys ................................................................... 9 Learn more ...................................................................................................................... 10 Amazon security audit guidelines ............................................................................................... 10 When you should perform a security audit .......................................................................... 11 Guidelines for auditing ...................................................................................................... 11 Review your Amazon account credentials ............................................................................ 11 Review your IAM users ...................................................................................................... 12 Review your IAM groups .................................................................................................... 12 Review your IAM roles ...................................................................................................... 12 Review your IAM providers for SAML and OpenID Connect (OIDC) ........................................... 12 Review Your mobile apps .................................................................................................. 13 Review your Amazon EC2 security configuration ................................................................... 13 Review Amazon policies in other services ............................................................................ 13 Monitor activity in your Amazon account ............................................................................. 14 Tips for reviewing IAM policies ........................................................................................... 14 Learn more ...................................................................................................................... 15 Amazon resources ............................................................................................................................ 16 Tagging Amazon resources ........................................................................................................ 16 Best practices .................................................................................................................. 16 Tagging categories ........................................................................................................... 17 Tag naming limits and requirements ................................................................................... 17 Common tagging strategies ............................................................................................... 18 Tagging governance .......................................................................................................... 19 Learn more ...................................................................................................................... 19 Amazon Resource Names (ARNs) ................................................................................................ 20 ARN format ..................................................................................................................... 20 Paths in ARNs .................................................................................................................. 21 Amazon IP address ranges ................................................................................................................. 22 Download ................................................................................................................................ 22 Syntax ..................................................................................................................................... 22 Filtering the JSON file .............................................................................................................. 24 Windows ......................................................................................................................... 24 Linux .............................................................................................................................. 25 Implementing egress control ..................................................................................................... 26 Windows PowerShell ......................................................................................................... 27 jq ................................................................................................................................... 27 Python ............................................................................................................................ 27 Release notes ........................................................................................................................... 28 Amazon APIs ................................................................................................................................... 30 API retries ............................................................................................................................... 30 Version 1.0 iii Amazon General Reference Reference guide Signing Amazon API requests .................................................................................................... 32 When to sign requests ...................................................................................................... 32 Why requests are signed ................................................................................................... 32 Signing requests ............................................................................................................... 33 Signature versions ............................................................................................................ 33 Signature Version 4 signing process .................................................................................... 33 Signature Version 2 signing process .................................................................................... 61 Amazon SDK support for Amazon S3 client-side encryption ........................................................... 68 Amazon SDK features for Amazon S3 client-side encryption .................................................. 68 Amazon S3 encryption client cryptographic algorithms ......................................................... 69 Document conventions ...................................................................................................................... 71 Amazon glossary .............................................................................................................................. 73 Version 1.0 iv Amazon General Reference Reference guide Amazon General Reference The Amazon General Reference provides information that is useful across Amazon Web Services. Contents • Amazon security credentials (p. 2) • Amazon resources (p. 16) • Amazon IP address ranges (p. 22) • Amazon APIs (p. 30) • Document conventions (p. 71) • Amazon glossary (p. 73) Version 1.0 1 Amazon General Reference Reference guide Amazon users Amazon security credentials When you interact with Amazon, you specify your Amazon security credentials to verify who you are and whether you have permission to access the resources that you are requesting. Amazon uses the security credentials to authenticate and authorize your requests. For example, if you want to download a protected
Load more

Recommended publications
  • Security in Cloud Computing a Security Assessment of Cloud Computing Providers for an Online Receipt Storage
    Security in Cloud Computing A Security Assessment of Cloud Computing Providers for an Online Receipt Storage Mats Andreassen Kåre Marius Blakstad Master of Science in Computer Science Submission date: June 2010 Supervisor: Lillian Røstad, IDI Norwegian University of Science and Technology Department of Computer and Information Science Problem Description We will survey some current cloud computing vendors and compare them to find patterns in how their feature sets are evolving. The start-up firm dSafe intends to exploit the promises of cloud computing in order to launch their business idea with only marginal hardware and licensing costs. We must define the criteria for how dSafe's application can be sufficiently secure in the cloud as well as how dSafe can get there. Assignment given: 14. January 2010 Supervisor: Lillian Røstad, IDI Abstract Considerations with regards to security issues and demands must be addressed before migrating an application into a cloud computing environment. Different vendors, Microsoft Azure, Amazon Web Services and Google AppEngine, provide different capabilities and solutions to the individual areas of concern presented by each application. Through a case study of an online receipt storage application from the company dSafe, a basis is formed for the evaluation. The three cloud computing vendors are assessed with regards to a security assessment framework provided by the Cloud Security Alliance and the application of this on the case study. Finally, the study is concluded with a set of general recommendations and the recommendation of a cloud vendor. This is based on a number of security as- pects related to the case study’s existence in the cloud.
    [Show full text]
  • (AWS) Security Workshop - Pre-Read Material
    Amazon Web Services (AWS) Security Workshop - Pre-read material It is highly recommended to go through the pre-read before attending the AWS Security workshop. Shared Responsibility Model Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer’s operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall. Customers should carefully consider the services they choose as their responsibilities vary depending on the services used, the integration of those services into their IT environment, and applicable laws and regulations. The nature of this shared responsibility also provides the flexibility and customer control that permits the deployment. As shown in the chart below, this differentiation of responsibility is commonly referred to as Security “of” the Cloud versus Security “in” the Cloud. AWS responsibility “Security of the Cloud” - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services. Customer responsibility “Security in the Cloud” – Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities.
    [Show full text]
  • Shiva's Waterfront Temples
    Shiva’s Waterfront Temples: Reimagining the Sacred Architecture of India’s Deccan Region Subhashini Kaligotla Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Graduate School of Arts and Sciences COLUMBIA UNIVERSITY 2015 © 2015 Subhashini Kaligotla All rights reserved ABSTRACT Shiva’s Waterfront Temples: Reimagining the Sacred Architecture of India’s Deccan Region Subhashini Kaligotla This dissertation examines Deccan India’s earliest surviving stone constructions, which were founded during the 6th through the 8th centuries and are known for their unparalleled formal eclecticism. Whereas past scholarship explains their heterogeneous formal character as an organic outcome of the Deccan’s “borderland” location between north India and south India, my study challenges the very conceptualization of the Deccan temple within a binary taxonomy that recognizes only northern and southern temple types. Rejecting the passivity implied by the borderland metaphor, I emphasize the role of human agents—particularly architects and makers—in establishing a dialectic between the north Indian and the south Indian architectural systems in the Deccan’s built worlds and built spaces. Secondly, by adopting the Deccan temple cluster as an analytical category in its own right, the present work contributes to the still developing field of landscape studies of the premodern Deccan. I read traditional art-historical evidence—the built environment, sculpture, and stone and copperplate inscriptions—alongside discursive treatments of landscape cultures and phenomenological and experiential perspectives. As a result, I am able to present hitherto unexamined aspects of the cluster’s spatial arrangement: the interrelationships between structures and the ways those relationships influence ritual and processional movements, as well as the symbolic, locative, and organizing role played by water bodies.
    [Show full text]
  • K-12 Workforce Development in Transportation Engineering at FIU (2012- Task Order # 005)
    K-12 Workforce Development in Transportation Engineering at FIU (2012- Task Order # 005) 2016 Final Report K-12 Workforce Development in Transportation Engineering at FIU (2012- Task Order # 005) Berrin Tansel, Ph.D., P.E., Florida International University August 2016 1 K-12 Workforce Development in Transportation Engineering at FIU (2012- Task Order # 005) This page is intentionally left blank. i K-12 Workforce Development in Transportation Engineering at FIU (2012- Task Order # 005) U.S. DOT DISCLAIMER The contents of this report reflect the views of the authors, who are responsible for the facts, and the accuracy of the information presented herein. This document is disseminated under the sponsorship of the U.S. Department of Transportation’s University Transportation Centers Program, in the interest of information exchange. The U.S. Government assumes no liability for the contents or use thereof. ACKNOWLEDGEMENT OF SPONSORSHIP This work was sponsored by a grant from the Southeastern Transportation Research, Innovation, Development and Education Center (STRIDE) at the University of Florida. The STRIDE Center is funded through the U.S. Department of Transportation’s University Transportation Centers Program. ii K-12 Workforce Development in Transportation Engineering at FIU (2012- Task Order # 005) TABLE OF CONTENTS ABSTRACT ...................................................................................................................................................... v CHAPTER 1: INTRODUCTION ........................................................................................................................
    [Show full text]
  • AWS Managed Services (AMS)
    AWS Managed Services (AMS) Application Developer's Guide AMS Advanced Operations Plan Version September 16, 2020 AWS Managed Services (AMS) Application Developer's Guide AMS Advanced Operations Plan AWS Managed Services (AMS) Application Developer's Guide: AMS Advanced Operations Plan Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. AWS Managed Services (AMS) Application Developer's Guide AMS Advanced Operations Plan Table of Contents Application Onboarding to AMS Introduction ........................................................................................ 1 What is Application Onboarding? ................................................................................................. 1 What we do, what we do not do .................................................................................................. 1 AMS Amazon Machine Images (AMIs) ............................................................................................ 2 Security enhanced AMIs ...................................................................................................... 4 Key terms .................................................................................................................................
    [Show full text]
  • Amazon Lumberyard Guide De Bienvenue Version 1.24 Amazon Lumberyard Guide De Bienvenue
    Amazon Lumberyard Guide de bienvenue Version 1.24 Amazon Lumberyard Guide de bienvenue Amazon Lumberyard: Guide de bienvenue Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. Amazon Lumberyard Guide de bienvenue Table of Contents Bienvenue dans Amazon Lumberyard .................................................................................................... 1 Fonctionnalités créatives de Amazon Lumberyard, sans compromis .................................................... 1 Contenu du Guide de bienvenue .................................................................................................. 2 Fonctions de Lumberyard .................................................................................................................... 3 Voici quelques-unes des fonctions d'Lumberyard : ........................................................................... 3 Plateformes prises en charge ....................................................................................................... 4 Fonctionnement d'Amazon Lumberyard .................................................................................................
    [Show full text]
  • Amazon Documentdb Deep Dive
    DAT326 Amazon DocumentDB deep dive Joseph Idziorek Antra Grover Principal Product Manager Software Development Engineer Amazon Web Services Fulfillment By Amazon © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda What is the purpose of a document database? What customer problems does Amazon DocumentDB (with MongoDB compatibility) solve and how? Customer use case and learnings: Fulfillment by Amazon What did we deliver for customers this year? What’s next? © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Purpose-built databases Relational Key value Document In-memory Graph Search Time series Ledger Why document databases? Denormalized data Normalized data model model { 'name': 'Bat City Gelato', 'price': '$', 'rating': 5.0, 'review_count': 46, 'categories': ['gelato', 'ice cream'], 'location': { 'address': '6301 W Parmer Ln', 'city': 'Austin', 'country': 'US', 'state': 'TX', 'zip_code': '78729'} } Why document databases? GET https://api.yelp.com/v3/businesses/{id} { 'name': 'Bat City Gelato', 'price': '$', 'rating': 5.0, 'review_count': 46, 'categories': ['gelato', 'ice cream'], 'location': { 'address': '6301 W Parmer Ln', 'city': 'Austin', 'country': 'US', 'state': 'TX', 'zip_code': '78729'} } Why document databases? response = yelp_api.search_query(term='ice cream', location='austin, tx', sort_by='rating', limit=5) Why document databases? for i in response['businesses']: col.insert_one(i) db.businesses.aggregate([ { $group: { _id: "$price", ratingAvg: { $avg: "$rating"}} } ]) db.businesses.find({
    [Show full text]
  • I Cant Download Apps on Kindle Fire How to Install Marvel Unlimited App on Amazon Kindle Devices
    i cant download apps on kindle fire How to install Marvel Unlimited app on Amazon Kindle devices. Hello comic lovers, how’s it going. Today, I’m here with a tutorial on how you can use/install the Marvel unlimited app on your amazon kindle fire devices . Because Amazon’s Fire Tablet restricts users only to the Amazon app store and hence you can’t use apps that are not on their app store. But technically speaking as Amazon’s kindle devices runs on FireOS and that is based on android. So you should be able to use pretty much any android app. And Hence you just need to sideload the app you want. I’m here to tell you exactly how to do that. Two of Amazon’s Kindle devices were able to make it into my list of best tablets for comics. And I already explained there that you can’t use the Marvel Unlimited app on them. But worry not here I’m with this tutorial. And it’s really easy no root required, no ADB commands, no pc required. 1. Allow installation from Unknown Sources. The first step is to enable installation from Unknown sources. Don’t worry it just means from sources other than the app store. Here are the steps: 1. First go to Settings and then click on Security and Privacy . 2. Head over to the Advanced section and then enable Apps from Unknown Sources option. Now you’re good to go for the second step. 2. Download the Marvel Unlimited Apk. Now you need to download apk file for the Marvel Unlimited app.
    [Show full text]
  • Database Software Market: Billy Fitzsimmons +1 312 364 5112
    Equity Research Technology, Media, & Communications | Enterprise and Cloud Infrastructure March 22, 2019 Industry Report Jason Ader +1 617 235 7519 [email protected] Database Software Market: Billy Fitzsimmons +1 312 364 5112 The Long-Awaited Shake-up [email protected] Naji +1 212 245 6508 [email protected] Please refer to important disclosures on pages 70 and 71. Analyst certification is on page 70. William Blair or an affiliate does and seeks to do business with companies covered in its research reports. As a result, investors should be aware that the firm may have a conflict of interest that could affect the objectivity of this report. This report is not intended to provide personal investment advice. The opinions and recommendations here- in do not take into account individual client circumstances, objectives, or needs and are not intended as recommen- dations of particular securities, financial instruments, or strategies to particular clients. The recipient of this report must make its own independent decisions regarding any securities or financial instruments mentioned herein. William Blair Contents Key Findings ......................................................................................................................3 Introduction .......................................................................................................................5 Database Market History ...................................................................................................7 Market Definitions
    [Show full text]
  • AWS Certified Developer – Associate (DVA-C01) Sample Exam Questions
    AWS Certified Developer – Associate (DVA-C01) Sample Exam Questions 1) A company is migrating a legacy application to Amazon EC2. The application uses a user name and password stored in the source code to connect to a MySQL database. The database will be migrated to an Amazon RDS for MySQL DB instance. As part of the migration, the company wants to implement a secure way to store and automatically rotate the database credentials. Which approach meets these requirements? A) Store the database credentials in environment variables in an Amazon Machine Image (AMI). Rotate the credentials by replacing the AMI. B) Store the database credentials in AWS Systems Manager Parameter Store. Configure Parameter Store to automatically rotate the credentials. C) Store the database credentials in environment variables on the EC2 instances. Rotate the credentials by relaunching the EC2 instances. D) Store the database credentials in AWS Secrets Manager. Configure Secrets Manager to automatically rotate the credentials. 2) A Developer is designing a web application that allows the users to post comments and receive near- real-time feedback. Which architectures meet these requirements? (Select TWO.) A) Create an AWS AppSync schema and corresponding APIs. Use an Amazon DynamoDB table as the data store. B) Create a WebSocket API in Amazon API Gateway. Use an AWS Lambda function as the backend and an Amazon DynamoDB table as the data store. C) Create an AWS Elastic Beanstalk application backed by an Amazon RDS database. Configure the application to allow long-lived TCP/IP sockets. D) Create a GraphQL endpoint in Amazon API Gateway. Use an Amazon DynamoDB table as the data store.
    [Show full text]
  • Introduction to Amazon Web Services
    Introduction to Amazon Web Services Jeff Barr Senior AWS Evangelist @jeffbarr / [email protected] What Does It Take to be a Global Online Retailer? The Obvious Part… And the Not-So Obvious Part How Did Amazon Get in to Cloud Computing? • We’d been working on it for over a decade • Development of a platform to enable sellers on the Amazon global infrastructure • Internal need for centralized, scalable deployment environment for applications • Early forays into web services proved developers were hungry for more This Led to a Broader Mission • Enable businesses and developers to use web services (what people now call “the cloud”) to build scalable, sophisticated applications. “It's not the customers' job to invent for themselves. It's your job to invent on their behalf. You need to listen to customers. You need to invent on their behalf. Kindle, EC2 would not have been developed if we did not have an inventive culture.” - Jeff Bezos, Founder & CEO, Amazon.com Attributes of Cloud Computing No Up-Front Capital Low Cost Pay Only for What Expense You Use Self-Service Easily Scale Up and Improve Agility & Time- Infrastructure Down to-Market Deploy Last-Generation IT Services Cloud-Generation IT Services Cloud-Generation IT Services What’s the Difference? Last-Generation Cloud-Generation • IT department • Empowered users • Manual Setup • Automated Setup • Hours/Days/Weeks • Seconds/Minutes • Error-prone • Scripted & repeatable • Small scale • Any scale AWS PLATFORM Cloud-Powered Applications Management & Administration Administration Identity &
    [Show full text]
  • Implementación De Los Algoritmos De Factorización 201
    Universidad Complutense de Madrid Facultad de Informática Sistemas Informáticos 2010/2011 RSA@Cloud Criptoanálisis eficiente en la Nube Autores: Directores de proyecto: Alberto Megía Negrillo José Luis Vázquez-Poletti Antonio Molinera Lamas Ignacio Martin Llorente José Antonio Rueda Sánchez Dpto. Arquitectura de Computadores Página 0 Facultad de Informática UCM RSA@Cloud Sistemas Informáticos – FDI Se autoriza a la Universidad Complutense a difundir y utilizar con fines académicos, no comerciales y mencionando expresamente a sus autores, tanto la propia memoria, como el código, la documentación y/o el prototipo desarrollado. Alberto Megía Negrillo Antonio Molinera Lamas José Antonio Rueda Sánchez Página 1 Facultad de Informática UCM RSA@Cloud Sistemas Informáticos – FDI Página 2 Facultad de Informática UCM RSA@Cloud Sistemas Informáticos – FDI Agradecimientos Un trabajo como este no habría sido posible sin la cooperación de mucha gente. En primer lugar queremos agradecérselo a nuestras familias que tanto han confiado y nos han dado. A nuestros directores José Luis Vázquez-Poletti e Ignacio Martín Llorente, por conseguir llevar adelante este proyecto. Por último, a todas y cada una de las personas que forman parte de la Facultad de Informática de la Universidad Complutense de Madrid, nuestro hogar durante estos años. Página 3 Facultad de Informática UCM RSA@Cloud Sistemas Informáticos – FDI Página 4 Facultad de Informática UCM RSA@Cloud Sistemas Informáticos – FDI Resumen En el presente documento se describe un sistema que aprovecha las virtudes de la computación Cloud y el paralelismo para la factorización de números grandes, base de la seguridad del criptosistema RSA, mediante el empleo de diferentes algoritmos matemáticos como la división por tentativa y criba cuadrática.
    [Show full text]