IAM Flashcards

1
Q

What does IAM stand for?

A

Identity Access Management

2
Q

What is the role of IAM?

A

To control who is authenticated (signed in) and authorised (has permissions) to use resources

3
Q

What is an IAM user?

A

End users: people, employees, etc

4
Q

What is an IAM group?

A

A collection of users

5
Q

What are IAM policies?

A

A collection of documents in JSON format

6
Q

What is the role of IAM policies?

A

To give permissions to what each user/group/role is able to do

7
Q

What is the role of an IAM group?

A

To set permissions for users within the group to inherit

8
Q

What are the features of IAM? (10)

A
  1. Centralised control
  2. Shared access
  3. Granular permissions
  4. Identity federation
  5. Multi-factor authentication
  6. Temporary access
  7. Customisable password rotation policy
  8. AWS service integration
  9. PCI DSS compliance (credit card details)
  10. Eventually consistent
9
Q

What is the benefit of shared access in IAM?

A

Other people can gain permission to administer or use resources in your AWS account without having to share your password or access key

10
Q

What are the properties of your initial sign-in identity under IAM? (3)

A
  • You begin with a single sign-in identity
  • This identity is called the root user
  • The root user has complete access to all AWS services and resources in the account
11
Q

What are the properties of newly created users? (2)

A
  • Have no permissions
  • Are assigned an access key ID and secret access keys

12
Q

What are access key ID and secret access keys used for? (2)

A
  • To access AWS via APIs and the command line
  • Cannot be used to log into the console

13
Q

What happens if you lose your access key IDs and secret access keys? (2)

A
  • Must regenerate them
  • You can only view your access key IDs and secret access keys once

14
Q

What is the benefit of identity federation in IAM? (2)

A
  • Allows users who already have passwords elsewhere to get temporary access to your AWS account
  • Does not create an IAM user
15
Q

What is the benefit of multi-factor authentication in IAM?

A

Requires users to prove physical possession of a hardware MFA token or MFA-enabled mobile device by providing a valid MFA code

16
Q

What are IAM permission conditions?

A

Conditions which must be present for the policy to take effect

17
Q

Give four examples of IAM permission conditions (4)

A
  • Time of day
  • SSL
  • MFA authentication
  • IP address