IAM

Question 1

IAM JSON policy documents are composed of what elements?

Answer 1

Effect
Action
Resource
Condition (optional)
Principal (optional)

Question 2

IAM policy Effect does what?

Answer 2

Allow or Deny action(s) on resource(s)

Question 3

IAM policy Action does what?

Answer 3

Describes the specific API action

Question 4

Whatis an IAM policy Resource?

Answer 4

Specifies the object or objects using the Amazon Resource Name (ARN) format

Question 5

IAM policy Condition is?

Answer 5

Specifies conditions for the policy to be in effect

Question 6

What is an IAM policy Principal?

Answer 6

Specifies the entity (account, user, role or service) that is allowed or denied access to a resource

Question 7

What are SCPs and where are they applied?

Answer 7

Service Control Policies (SCP) specify the maximum permissions that the accounts administrator can delegate to the IAM users and roles in the affected accounts and is applied to an account, OU or organisational root.

Question 8

What is the difference between SCPs and permission boundaries?

Answer 8

A permission boundary does not provide permissions but sets the maximum permissions and is assigned to an IAM entity. SCPs are hierarchical and are applied to the entire organisation or to OUs.

Question 9

What does IAM Access Analyzer provide?

Answer 9

A report that identifies access to your resources from outside of the organization