IAM Flashcards
What are the various benefits of IAM?
- Centralized control of your AWS account
- Shared access to your AWS account
- Granular permissions - allowing people to access one service but not another
- Identity Federation (including Active Directory, LinkedIn, Facebook) - allows you to link identities from various accounts
- Multi-Factor Authentication
- Provides temporary access for users, devices and services where necessary
- Set up a password rotation policy
- Integrates with many AWS services
- Supports PCI DSS compliance
Key terminology for IAM?
- Users - end users
- Groups - each user in a group inherits the permissions of the group
- Policies - made up of policy documents written in JSON that define what a group, user or role is allowed to do
- Roles - create a role and associate it with a resource. Allows one service to work with another service
How can you create an alias for your console link?
Using the customize link.
Which region are you working in by default in IAM?
Global
What is the root account?
The first account you create when creating your AWS account.
True or False. Users have no permissions when first created.
True. You need to create permissions for the users after creating them.
Can you use the access key and secret key to sign into the console?
No, you can only use these for programmatic access.
True or False. Service control policies (SCPs) offer central control over the maximum available permissions for all accounts in your organization, allowing you to ensure your accounts stay within your organization’s access control guidelines.
True.
True or False. IAM roles for ECS tasks enable you to secure your infrastructure by assigning an IAM role directly to the ECS task rather than to the EC2 container instance. This means you can have one task that uses a specific IAM role for access to S3 and another task that uses an IAM role to access DynamoDB.
True.
True or False. IAM roles cannot be specified at the container and task level on the EC2 launch type and at the task level on the Fargate launch type.
False. IAM roles can be specified at the container and task level on the EC2 launch type and at the task level on the Fargate launch type.
True or False. The permissions boundary for an IAM entity (user or role) sets the maximum permissions that the entity can have. This can change the effective permissions for that user or role. The effective permissions for an entity are the permissions that are granted by all the policies that affect the user or role. Within an account, the permissions for an entity can be affected by identity-based policies, resource-based policies, permissions boundaries, Organizations SCPs, or session policies.
True.
True or False. The solutions architect can set an IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy.
True.
True or False. Accounts can be migrated between organizations using the AWS Organizations console. To do this you must have root or IAM access to both the member and master accounts. Resources will remain under the control of the migrated account.
True.