Security III
Explore essential security best practices for managing IAM roles, temporary credentials, and network configurations in AWS. This lesson helps you understand how to implement least privilege, handle credential security, design secure network access between VPCs, and manage encryption keys. You will gain the knowledge needed to secure containerized and serverless applications, meeting AWS Certified Developer – Associate exam requirements.
Question 33
A company manages multiple containerized applications on Amazon ECS and serverless functions on AWS Lambda, all of which require unique access to various AWS resources (e.g., DynamoDB, S3).
To adhere to the principle of least privilege, which two security best practices should a developer implement? (Select any two options.)
A. Use a single IAM role for all ECS services and Lambda functions.
B. Assign an IAM role with permissions tailored to each service or function.
C. Allow the default AWS-managed AdministratorAccess policy for all resources.
D. Use resource-level permissions and condition keys in the IAM policies.
E. Grant the necessary permissions directly to the IAM user that deploys the ECS services and Lambda functions, and then allow those resources to inherit the user’s permissions.
Question 34
An application uses temporary credentials obtained through the AWS Security Token Service (STS) AssumeRole API call. The development team wants to minimize the security risk associated with these credentials if they are compromised.
Which two actions represent security best practices for credential and session management? (Select any two options.)
A. Configure ...