IAM Flashcards

1
Q

What does IAM stand for?

A

Identity Access Management

2
Q

What is IAM?

A

It is an AWS service used to manage users and their level of access to the AWS console.

3
Q

What are IAM Users?

A

People using the AWS console.

4
Q

What are IAM Groups?

A

A collection of users under one set of permissions.

5
Q

What are IAM Roles?

A

Permissions that are created and assigned to:

  • AWS Resources
  • another AWS account
  • Web identity
  • or SAML
6
Q

What are IAM Policies?

A

Documents that define one or more permissions. They can be attached to a:

  • User
  • Group
  • or Role
7
Q

What happens if you lose your Secret Access Key in IAM?

A

You have to generate a new Access Key and Secret Access Key.

8
Q

What are the 3 IAM Policy Types?

A

1) Managed
2) Customer Managed
3) Inline

9
Q

Describe a Managed IAM Policy

A

  • Created and administered by AWS
  • CANNOT be changed by the customer

10
Q

Describe a Customer Managed IAM Policy

A

  • Customer created
  • Used when managed policies don’t meet the needs of your environment

11
Q

Describe an Inline IAM Policy

A

  • Embedded within the user or group to which it applies
  • 1:1 relationship
  • In most cases AWS recommends managed policies over inline policies
12
Q

What does AWS recommend for security (IAM)?

A

Use roles, because they let you avoid using access key IDs and secret access keys.

Roles are also controlled by policies, which take immediate effect if changed.

13
Q

What is identity federation?

A

It is an IAM feature that allows users to get temp access to your AWS account.

14
Q

What is STS?

A

AWS Security Token Service

  • It creates and gives users temp security credentials to get access to AWS resources
  • Global Service with a single endpoint (https://sts.amazonaws.com)
15
Q

What are the Assume Role Options?

A
  • AssumeRole
  • AssumeRoleWithSAML
  • AssumeRoleWithWebIdentity
16
Q

When to use AssumeRole

A

Used for cross-account access.

Need temp credentials that include an access key ID, secret access key, and security token.

You can also include AWS MFA.

17
Q

When to use AssumeRoleWithSAML

A

Want temp credentials for users who have been authenticated with a SAML authentication response.

Want to link an enterprise identity store/directory to role-based AWS access without having to configure users.

Does not support MFA.

18
Q

When to use AssumeRoleWithWebIdentity

A

Want to get temp security credentials after a user has verified with:

  • Cognito
  • Amazon
  • Facebook
  • Google
  • OpenID Connect-compatible identity provider
19
Q

What is a GetFederationToken?

A

It is an STS Get Token that returns temp credentials for a federated user which include:

  • access key ID
  • secret access key
  • security token

Typically used by a proxy app that gets temp credentials for a distributed app inside a corporate network.

Does NOT support MFA

20
Q

What is a GetSessionToken?

A

It is an STS Get Token that returns temp credentials for an AWS account or IAM user, including:

  • access key ID
  • secret access key
  • security token

Used if you want MFA to protect certain AWS API calls.

21
Q

When using the AWS CLI how can you make AWS API calls?

A

Use your Access Keys (must have necessary permissions attached to them)

Think EC2 login from console.

22
Q

What is AWS SSO?

A

It is a service that allows you to define federated access permissions for users or groups in a single centralized directory and allow them to access multiple AWS accounts. Works with IdPs as well as SAML-enabled cloud applications (Salesforce, Office 365, etc.).

Can also audit user’s access to cloud services using CloudTrail.

23
Q

Are IAM roles secure for making API requests from instances?

A

Yes, they are encrypted and rotated automatically.

24
Q

How to allow an on-premise data center to have access to various AWS services?

A

Create a new IAM user with programmatic access. Create a credentials file on the app server (~/.aws/credentials) with the access keys.

For apps running outside the AWS environment you must use an IAM user (even though the best practice is a role).