Forum Replies Created

Viewing 1 - 3 of 3 posts
  • Zackn

    Member
    October 8, 2021 at 3:56 am

    Thanks, yes that video is more than 4 years old, a lot of things happened in AWS since 4 months ago 🙂

    KMS is one of those services where a lot of changes happen quietly, so the AWS docs are the best sources for that. I have seen in some cases that the AWS docs don't reflect the actual production quickly enough!

  • Zackn

    Member
    October 8, 2021 at 3:43 am

    Hi Carlo,

    In this case, “resource-based” is not the right term to use, because the only thing at AWS which refers to “resource-based” is, really and usually, the resource-based policy attached to a service like S3 or KMS…

    I believe the question should have been: what access control mechanisms AWS KMS supports, and the answer would be: key policies, IAM, and grants. AWS is explicit to have us know that the key policies are crucial and mandatory to have in place (in other words, we cannot ONLY use IAM policies).

    • This reply was modified 2 years, 7 months ago by  Zackn.
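
Added example, not part of the forum posts and not AWS code: a simplified Python model of how a KMS key policy, IAM policies and grants combine, showing why an IAM policy alone does not give access to a key. The account ID, principals and policies are constructed, and `kms_allows` is a hypothetical helper that ignores explicit Deny, conditions, resource matching and cross-account rules.

```python
# Simplified model of KMS authorization (added example, not AWS's evaluation engine).
# Ignores explicit Deny, conditions, resource matching and cross-account rules.
ACCOUNT = "111122223333"                          # constructed account id
ROOT = f"arn:aws:iam::{ACCOUNT}:root"
ALICE = f"arn:aws:iam::{ACCOUNT}:user/alice"      # constructed principals
BOB = f"arn:aws:iam::{ACCOUNT}:role/app"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # Exact match, or a trailing wildcard such as "kms:*" / "kms:Describe*".
    return any(p == action or (p.endswith("*") and action.startswith(p[:-1]))
               for p in patterns)

def kms_allows(principal, action, key_policy, iam_policies=None, grants=()):
    """Return which mechanism allows the call ('key-policy', 'iam-policy', 'grant') or None."""
    delegated = False
    for st in key_policy["Statement"]:
        if st["Effect"] != "Allow" or not _matches(action, _as_list(st["Action"])):
            continue
        principals = _as_list(st["Principal"]["AWS"])
        if principal in principals:
            return "key-policy"            # key policy names the principal directly
        if ROOT in principals:
            delegated = True               # key policy hands this action to account IAM
    if delegated:                          # IAM policies count only after delegation
        for st in (iam_policies or {}).get(principal, []):
            if st["Effect"] == "Allow" and _matches(action, _as_list(st["Action"])):
                return "iam-policy"
    operation = action.split(":", 1)[1]    # grants list operations without the "kms:" prefix
    for grant in grants:
        if grant["GranteePrincipal"] == principal and operation in grant["Operations"]:
            return "grant"
    return None

# Constructed sample data.
IAM = {ALICE: [{"Effect": "Allow", "Action": "kms:Decrypt", "Resource": "*"}]}
DIRECT_ONLY = {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": BOB}, "Action": ["kms:Encrypt", "kms:Decrypt"]}]}
WITH_DELEGATION = {"Statement": DIRECT_ONLY["Statement"] + [
    {"Effect": "Allow", "Principal": {"AWS": ROOT}, "Action": "kms:*"}]}
GRANTS = [{"GranteePrincipal": ALICE, "Operations": ["Decrypt"]}]

if __name__ == "__main__":
    print(kms_allows(ALICE, "kms:Decrypt", DIRECT_ONLY, IAM))          # IAM alone
    print(kms_allows(ALICE, "kms:Decrypt", WITH_DELEGATION, IAM))      # IAM after delegation
    print(kms_allows(ALICE, "kms:Decrypt", DIRECT_ONLY, IAM, GRANTS))  # grant
```
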
  • Zackn

    Member
    October 7, 2021 at 3:31 am

    OP: it is a tricky question indeed. I had the same reflex at first. However, I think the answer is in this AWS doc link:

    https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users.html

    “After you create a user pool, you can create, confirm, and manage users accounts. With Amazon Cognito user pools groups you can manage your users and their access to resources by mapping IAM roles to groups.”

    So basically, User Pool Groups are used to create separate groups depending on different permissions (IAM roles) you decided to assign them. Anytime I see STS or directly accessing resources on AWS (via STS), I choose Identity Pool as the answer. However, in this question, I still think User Pool is the correct answer as it mentions User Pools and Groups. The word “grant” is tricky to say the least.
