Authentication and Authorization Control for AWS Kinesis Analytics Application
Question
HikeHills.com (HH) is an online specialty retailer that sells clothing and outdoor refreshment gear for trekking, go camping, boulevard biking, mountain biking, rock hiking, ice mountaineering, skiing, avalanche protection, snowboarding, fly fishing, kayaking, rafting, road and trace running, and many more. HHruns their entire online infrastructure on java based web applications running on AWS.
The HH is capturing clickstream data and use custom-build recommendation engine to recommend products which eventually improve sales, understand customer preferences and already using AWS Streaming capabilities to collect events and transaction logs and process the stream. HHis using kinesis analytics to build SQL querying capability on streaming and planning to use different types of queries to process the data.
HH need to ensure proper authentication and authorization control for kinesis analytics application needs to be enabled.
How can this be achieved? select 2 options.
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Answer: A, D.
Access to Amazon Kinesis Data Analytics requires credentials.
Those credentials must have permissions to access AWS resources, such as an Amazon Kinesis Data Analytics application or an Amazon Elastic Compute Cloud (Amazon EC2) instance.
Authentication - root user, IAM User, and IAM role thereby managing federated user access, AWS service access and Applications running on Amazon EC2
Access Control - through Permissions, policies, Actions and Resources.
https://docs.aws.amazon.com/kinesisanalytics/latest/dev/authentication-and-access-control.htmlThe correct answers are A and C.
A. Authentication and Access to AWS resources using following identities like root user, IAM User, and IAM role thereby managing federated user access, AWS service access, and Applications running on Amazon EC2:
AWS Identity and Access Management (IAM) provides authentication and authorization control for accessing AWS resources. IAM enables HH to create and manage IAM users, groups, and roles, and securely control access to AWS resources. With IAM, HH can define permissions for each user or group, including what actions they can perform and what resources they can access. IAM also enables HH to manage federated user access, AWS service access, and applications running on Amazon EC2. To enable authentication and authorization control for Kinesis Analytics, HH can use IAM roles to grant Kinesis Analytics access to the necessary resources.
C. Authentication and Access to AWS resources through Permissions, policies, Actions, and Resources:
HH can use IAM policies to define permissions for Kinesis Analytics. IAM policies are JSON documents that define permissions for actions, resources, and conditions. By creating and attaching IAM policies to IAM roles, HH can control what actions Kinesis Analytics can perform on which resources. For example, HH can create an IAM policy that allows Kinesis Analytics to read data from a specific Kinesis data stream and write data to a specific Amazon S3 bucket. IAM policies can also be used to enforce multi-factor authentication (MFA) for specific actions, require SSL/TLS encryption for specific connections, or restrict access to specific IP addresses or regions.
