DEV Community: Azaan MHD

AWS Solutions Architect Associate Exam Preparation Quiz 1

Azaan MHD — Sun, 06 Oct 2024 11:15:32 +0000

Let's consider a scenario where your company's Trainee Engineer stores an access key with an access key ID and secret access key in a Text file on a custom Amazon Machine Image(AMI). The company uses the access key to access Amazon DynamoDB tables from instances created from the AMI.Do you consider this as a security risk? If yes, As a mentor what will be the security best practice for this scenario?

(A).Pass the access key to the instances through instance user data.
(B).Obtain the access key from a key server launched in a Private Subnet.
(C).Put the access key in an Amazon S3 bucket and retrieve the access key on boot from the Instance.
(D).Create an IAM role with permission to access the Table and launch all instances with the new role.

**Note - *

(1).Access keys should not be stored on the EC2 Instance directly.
(2).The Best Practice is to use IAM Roles attached to the instance, which allows the instance to securely access other AWS services without storing credentials.
(3).If access keys must be used, They can be stored in AWS Secrets Manager or Parameter store and retrieved at runtime, but avoid hard-coding them or using environment variables for for security reasons.

**Best Practice - *

Use IAM Roles: Always prefer using an IAM role attached to the instance to access other AWS services. This is the most secure and recommended approach by AWS.

Avoid Hardcoding Access Keys: Never hardcode access keys in your application code, environment variables, or configuration files on the instance.

Use Secrets Manager or Parameter Store: If you must store sensitive information like access keys, use AWS Secrets Manager or Parameter Store and have your instance retrieve them securely at runtime.

Rotate Credentials: Ensure that any long-term credentials you use are rotated regularly, but it's better to avoid long-term credentials altogether in favor of IAM roles and temporary credentials.

Finally the Answer is - D

(D).Create an IAM role with permission to access the Table and launch all instances with the new role.

IAM Service in AWS

Azaan MHD — Sat, 03 Aug 2024 18:20:43 +0000

Key Points about IAM

IAM - Identity and Access Management.
IAM - It is one of the key service provided for the AWS users and Group to access the AWS resources securely.
IAM - It is advisable to create IAM user/groups after the account creation and from the newly created AWS admin user we can create many users/groups.
IAM - AWS IAM user account which has admin privilege can be able to assign resources to the user/group accounts it creates.(Note that the account which is used to create AWS environment initially is called Admin/Super user account.)

IAM - It is recommended to create users from the IAM service for the following reasons-

(1).To avoid unlimited access to resources - It keeps the root/super user account secure.
(2).IAM admin users can be tracked - It is useful for audit and troubleshooting

IAM Users -

It can be a person or service - Used to interact with AWS resources based on the security credentials and permissions.(what action for what services resources)

Features of IAM users -

(1).Unique set of credentials(password and access keys) - To interact with AWS services.
(2).Permissions - It is Defined using IAM Policies(JSON Documents). It specify what actions are allowed or denied on which resources.
(3).Groups - IAM users can be organized into groups therefore permissions can be assigned to groups.
(4).MFA(Multi-Factor Authentication) - Extra layer of security.
(5).Programmatic Access - IAM users can have access keys to interact with AWS service via APIs,SDKs,or the AWS CLI.
(6).Console Access - IAM users also can have password for accessing the AWS Management Console.

Usecase of IAM User -

(1). To track and manage individual user access activities - Individual access.

Python List - Introduction 01

Azaan MHD — Wed, 31 Jul 2024 14:03:35 +0000

List is a common data structure in many programing languages to manipulate sequence of element inside in it. In Python List is a data structure and element inside it can be any data type. such as:-Integers,floats,Strings,lists,tuple,Dictionaries,sets,booleans, and also custom objects and functions.

For Example:-

# Define various data types
integer_value = 4
float_value = 3.14
complex_value = 3 + 4j
string_value = "Hello, Kaniyam!"
list_value = [1, 2, 3]
tuple_value = (4, 5, 6)
dictionary_value = {"name": "Kaniyam Foundation", "Date_of_birth": "2012-01-01", "Age_as_at_2024": 12}
set_value = {7, 8, 9}
frozenset_value = frozenset([10, 11, 12])
boolean_value = True
bytes_value = b"kaniyam"
bytearray_value = bytearray(b"Kaniyam")
memoryview_value = memoryview(b"Kaniyam")

def function():
    return "Kaniyam"

lambda_value = lambda x: x + 1

class MyClass:
    pass

my_object = MyClass()

# Create a list containing all these elements
List_of_data_types_which_can_be_included_in_the_List_data_structure_in_python = [
    integer_value, float_value, complex_value, string_value, list_value, tuple_value, dictionary_value, set_value, frozenset_value,
    boolean_value, bytes_value, bytearray_value, memoryview_value, function, lambda_value, my_object
]

# Print the list
print(List_of_data_types_which_can_be_included_in_the_List_data_structure_in_python)

Output:

[4, 3.14, (3+4j), 'Hello, Kaniyam!', [1, 2, 3], (4, 5, 6), {'name': 'Kaniyam Foundation', 'Date_of_birth': '2012-01-01', 'Age_as_at_2024': 12}, {8, 9, 7}, frozenset({10, 11, 12}), True, b'kaniyam', bytearray(b'Kaniyam'), <memory at 0x7e608fedc1c0>, <function function at 0x7e60c4dc67a0>, <function <lambda> at 0x7e60c4dc6cb0>, <__main__.MyClass object at 0x7e60c4dea6b0>]