IAM, Accounts and AWS Organizations Flashcards
What is the maximum number of IAM users in an AWS account
5000
Which of the following are features of IAM groups
- Admin groupings of IAM Users
- Can hold Identity Permissions
- Can be used to login (Access Keys)
- Can be used to login (Username and password)
- Can be nested
- Admin groupings of IAM Users
- Can hold Identity Permissions
Within AWS policies, what is always a priority?
Explicit Deny
What two policies are assigned to an IAM Role
- Permissions Policy
- Assumption Policy
- Resource Policy
- Trust Policy
- Permissions Policy
- Trust Policy
Which of the following are true for IAM Roles
- Roles have associated Long Term Credentials (Access Keys)
- Roles can be assumed
- When assumed - temporary credentials are generated
- Roles can be logged into
- When an identity logs into a role - temporary credentials are generated
- Roles can be assumed
- When assumed - temporary credentials are generated
What Three features are provided by AWS Organizations (pick all that apply)
- Consolidated billing
- Managed assistance for company and AWS account mergers
- AWS Account restrictions using SCP
- Account organisation via OU’s
- Protection against credential leaks
- Company ID reports
- Consolidated billing
- AWS Account restrictions using SCP
- Account organisation via OU’s
What functionality is provided by CloudTrail
- Log Ingestion
- Metrics management
- Account Restrictions
- Account wide Auditing and API Logging
- Account wide Auditing and API Logging
Is it possible to restrict what the Account Root User can do?
- Always
- Never
- If AWS Organisations are used
- If AWS Organizations are used .. but not the management account
- If AWS Organizations are used .. but not the management account
What is Role Switching?
- Changing the permissions on an IAM Role
- Changing the TRUST on a Role
- Changing who can assume a Role
- Logging into a Role
- Assuming a role in another AWS account to access that account via the console UI
- Assuming a role in another AWS account to access that account via the console UI
What are valid IAM Policy types (choose all that apply)
- AWS Managed Policy
- Customer Managed Policy
- Self-Managed Policy
- Inline Policies
- External Policies
- AWS Managed Policy
- Customer Managed Policy
- Inline Policies
What are trust policies
The trust policy defines which principals can assume the role, and under which conditions.
What are the 3 types of IAM identities
Users
Groups
Roles
When is it usually a good idea to create IAM users
When you can picture one, named thing
What are permissions policies
The permissions policy grants the user of the role the needed permissions to carry out the intended tasks on the resource.
What are the permissions policies priorities
First: Explicit deny
Second: Explicit allow
Third: Default deny
When should you use inline policies
For exceptions
Can you log into IAM groups
No
Do IAM groups have credentials
No
Can groups be references as a principal in a policy
No
Can groups be granted access by a resource policy
No
Is there a built0in all-users group in IAM
No
Can you do IAM group nesting
No
Can you use external accounts/identities to access AWS resources?
No
What kind of identity management should you use for a mobile app
Identity Federation
