IAM Flashcards
What is a user?
An entity which represents a person or service
What permissions do users get when created?
None
What is the root account?
The email and password you used to create the account and it has unrestricted access to all content in the account
What are the best practices for the root account?
Don’t use it, create a user with admin permissions and require two factor auth.
What does a user consist of?
A user readable name and an Amazon Resource Name (ARN)
What are groups?
A collection of users which can have multiple attached policies
Can groups be assigned to other groups?
No
What is the best practice for giving permissions to users?
Least privilege
What is a role?
Define a set of permissions for making an AWS service request. They do not require a username or password and will give temporary security credentials
What are policies?
Policies written in JSON and define the permissions applied to users or groups. All permissions are denied by default.
What are the three authentication methods?
Access key, IAM user and signing certificate
What is an STS?
Security Token Service is a web service which enables you to request temporary credentials for IAM users.
