AWS IAM Flashcards

1
Q

What is AWS Identity and Access Management (IAM)?

A

IAM is a service that allows you to define users and the types of access they will have to AWS services.

2
Q

What are the key components of IAM?

A

Users, groups, roles, and policies are the key components used to manage access in IAM.

3
Q

What is the purpose of IAM groups?

A

Groups are used to apply permissions efficiently by defining access policies for a collection of users with similar responsibilities.

4
Q

What is an IAM policy?

A

An IAM policy is a document that defines access permissions independently of users and groups. It specifies what actions are allowed or denied on AWS services.

5
Q

What is the principle of least privilege in IAM?

A

The principle of least privilege means granting only the minimum permissions necessary for users, groups, and roles to perform their tasks, enhancing security by limiting access.

6
Q

What is the difference between identity-based policies and resource-based policies in IAM?

A

Identity-based policies are attached to users, groups, or roles and specify permissions for those identities. Resource-based policies are attached to resources like S3 buckets and control who can access the resource and what actions they can perform.

7
Q

What is an IAM role?

A

An IAM role is an identity in AWS with specific permissions that can be assumed by anyone who needs it. It does not have long-term credentials like passwords or access keys associated with it.

8
Q

What is multi-factor authentication (MFA) in IAM?

A

MFA adds an extra layer of security by requiring users to provide an additional piece of information (such as an MFA code from a device) along with their username and password for access.

9
Q

How does IAM handle authorization?

A

IAM users, groups, and roles do not have permissions by default. Permissions must be explicitly granted through policies, following the principle of least privilege.

10
Q

How does IAM determine permission when a user requests access?

A

IAM first checks for an explicit deny. If none applies, it checks for an explicit allow. If neither is found, IAM denies access by default (implicit deny).

11
Q

What is programmatic access in AWS IAM?

A

Programmatic access allows users to interact with AWS services through APIs, requiring an access key ID and secret access key.

12
Q

What is AWS Management Console access in IAM?

A

AWS Management Console access allows users to interact with AWS services through the web-based management console, requiring a username and password.

13
Q

What is multi-factor authentication (MFA), and why is it recommended?

A

MFA adds an extra layer of security by requiring users to provide a second form of verification, such as a code from a mobile app or a hardware token. It’s recommended to enhance security and protect against unauthorized access.

14
Q

How does IAM handle permissions in case of conflicting policies?

A

In IAM, if there is a conflict between an explicit allow statement and an explicit deny statement for the same action, the deny statement takes precedence, ensuring more restrictive access controls.

15
Q

Can IAM groups contain other groups?

A

No, IAM groups cannot contain other groups. Each group can only contain users, and users can belong to multiple groups.

16
Q

What is an IAM role, and how is it different from a user?

A

An IAM role is similar to a user in that it is an identity with specific permissions, but it does not have long-term credentials associated with it like passwords or access keys. Roles are intended to be assumable by anyone who needs the associated permissions.

17
Q

What is the purpose of a trust policy in an IAM role?

A

A trust policy in an IAM role defines which entities (users, services, or accounts) can assume the role and access its permissions.

18
Q

How does IAM enforce the principle of least privilege?

A

IAM follows the principle of least privilege by default, meaning that users, groups, and roles have no permissions until specific permissions are explicitly granted through policies.

19
Q

What are the different types of access that can be assigned to IAM users?

A

IAM users can be assigned programmatic access, which requires access keys for API calls, and/or AWS Management Console access, which allows access through the web console.

20
Q

How does IAM determine permission in resource-based policies?

A

In resource-based policies, IAM determines permission based on explicit allow or deny statements attached to the resource. If no explicit allow statement exists, IAM defaults to deny access.