IAM Flashcards
What are IAM components?
There are 4 elements in the list
- Groups
- Users
- Roles
- Policies
IAM policies use which file format?
JSON
In IAM, A policy that is directly attached to an individual user is called what?
Inline Policy
In IAM, How to apply permissions to multiple AWS users?
IAM Groups
What are the three types of IAM Policies?
Managed Policies
A policy which is managed by AWS, which you cannot edit. Managed policies are labeled with an orange box.
Customer Managed Policies
A policy created by the customer which is editable. Customer policies have no symbol beside them.
Inline Policies
A policy which is directly attached to the user.
In IAM, Which policy element identifies the user or role that the policy applies to?
Principal
Which policy element determines if the policy will Allow or Deny permissions?
Effect
In IAM, what are some elements you can find in a policy structure?
There are 8 elements in the list
- Version policy language version. 2012-10-17 is the latest version.
- Statement container for the policy element you are allowed to have multiples
- Sid (optional) a way of labeling your statements.
- Effect Set whether the policy will Allow or Deny
- Principal account, user, role, or federated user to which you would like to allow or deny access
- Action list of actions that the policy allows or denies
- Resource the resource to which the action(s) applies
- Condition (optional) circumstances under which the policy grants permission
Which are some options in an IAM password policy?
There are 8 elements in the list
- Uppercase letter
- Lowercase letter
- Number
- Symbol
- Allowed change its own password
- Password Expiration (days)
- Prevent reuse (Number of past passwords)
- Administration reset when it expires
You can use this in IAM to set minimum requirements for passwords, or rotate user passwords on a schedule
Password Policy
In IAM, How many access keys are allowed per user?
2
You can download your IAM access keys in which file format?
CSV
The 2 components of an IAM access key
- Access Key ID
- Secret Access Key
In IAM, The practice of requiring a second method of verification on-top of your regular password is called…
Multi-Factor Authentication (MFA)
In IAM, Can the Administrator account create a policy requiring MFA to access certain resources?
True
The user has to turn on MFA themselves, Administrator cannot directly enforce users to have MFA.
In IAM, Which AWS service provides the permissions for Cross-Account roles to be assumed?
- krɒs əˈkaʊnt
- əˈsumd
Security Token Service (STS)
True or False, cross-account roles let you grant resource access to other users who do not have an account specific IAM login to your account.
- krɒs əˈkaʊnt
- grænt
True
This special kind of IAM role allows granting access to your AWS resources for someone in a different AWS account
ˈgræntɪŋ
Cross-Account Roles
krɔs əˈkaʊnt roʊlz
Which API actions can be used to obtain credentials via STS? (The first 3 elements)
ˈviə
- AssumeRoleWithWebIdentity
- AssumeRole
- AssumeRoleWithSAML
əˈsum roʊl wɪð wɛb aɪˈdɛntəti
This AWS service allows you to programmatically provide users with a temporary set of credentials to access limited AWS resources
Security Token Service (STS)
In IAM, Which common protocol does web identity federation generally adhere to?
ədˈhɪr
OpenID Connect (OICD) 2.0
What would be one example of Enterprise Identity Federation?
- SAML (Microsoft Active Directory Integration)
In IAM, This method of authentication allows you to authenticate your users with an external 3rd party service
Identity Federation
In IAM, What is the first step for authentication when using AssumeRoleWithWebIdentity?
“Assume Role With Web Identity”
Authenticating with the external identity provider
