https://wiki.quizz.vn/ 2026-04-15T18:05:06+00:00 https://wiki.quizz.vn/ https://wiki.quizz.vn/lib/exe/fetch.php?media=wiki:dokuwiki.svg text/html 2025-12-28T13:43:08+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=aws:security:cloudtrail&rev=1766929388&do=diff CloudTrail What it is: An AWS service that records API activity (who did what, when, from where). What it’s for: * Security auditing and investigation. * Compliance reporting. * Detect unexpected changes (e.g., someone changed IAM policy). text/html 2025-12-28T06:55:35+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=aws:security:envelope-encrytion&rev=1766904935&do=diff Envelope Encryption What it is: A method where KMS protects a data key, and the data key encrypts the actual data. What it’s for: * Efficient encryption for large data (don’t use KMS directly to encrypt big payloads). * Common pattern used by many AWS services automatically. text/html 2025-12-28T13:41:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=aws:security:iam&rev=1766929302&do=diff IAM (Identity and Access Management) What it is: AWS service for managing who can access AWS and what they can do. What it’s for: * Create identities (users/roles) and attach permissions (policies). * Enforce *least privilege* /liːst ˈprɪvəlɪdʒ/ (chỉ cấp đúng quyền cần). text/html 2025-12-28T06:55:29+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=aws:security:kms&rev=1766904929&do=diff KMS (Key Management Service) What it is: A service to create, manage, and control access to encryption keys. What it’s for: * Encrypt data in AWS services (S3, EBS, RDS, DynamoDB, etc.). * Control who can use keys to encrypt/decrypt. * Audit key usage. text/html 2025-12-28T06:46:21+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=aws:security:mfa&rev=1766904381&do=diff MFA (Multi-Factor Authentication) What it is: A login security method that requires two or more factors. What it’s for: * Protect IAM users from password theft. * Add stronger security for sensitive actions (can be enforced via IAM policy conditions). text/html 2025-12-28T06:55:58+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=aws:security:secrets-manager&rev=1766904958&do=diff Secrets Manager What it is: A managed service to store and retrieve secrets securely. What it’s for: * Store DB passwords, API keys, tokens. * Rotate secrets automatically (optional). * Control access with IAM and audit usage. Key ideas: text/html 2025-12-28T06:56:24+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=aws:security:ssm-parameter-store&rev=1766904984&do=diff SSM Parameter Store What it is: A feature of AWS Systems Manager to store configuration data and secrets as parameters. What it’s for: * Store app configs (URLs, flags) and secrets (passwords) securely. * Provide a central place to manage environment variables.