IAM and AWS CLI Flashcards
Is IAM region scoped?
No, it is a global service
True or False: IAM groups may contain other groups.
False, they may only contain users
What is the maximum number of groups a user can belong to?
Unlimited
Permissions can be assigned to a user or group through a _ document called a _
A JSON document called a policy
What are the 3 definitions that define an IAM policy?
- The policy language version (2012-10-17)
- Id (Optional)
- Statements
What are the 6 definitions that define a statement in an IAM policy?
- Sid (Optional)
- Effect (Allow/Deny)
- Principal (Who the policy applies to - Only for resource-based policies)
- Action (Actions the policy allows/denies)
- Resource (Resources to which the actions can be applied)
- Condition (Optional)
What are two different ways to protect users from being compromised?
- Password Policy
- MFA Policy
What are the 4 different MFA device options?
- Virtual MFA (phones)
- Universal 2nd Factor Security Key (U2F)
- Hardware Key Fob MFA Device
- AWS GovCloud Hardware Key
What are the 3 different options to access AWS?
- AWS Management Console
- AWS Command Line Interface (CLI)
- AWS Software Developer Kit (SDK)
What IAM feature is used to give permissions to AWS services to perform actions on your behalf?
IAM Roles
What would you use to find information on user passwords, access credentials, MFA status, and last usage of credentials?
IAM Credential Report
What tool would you use to review IAM policies and service usage of IAM identities?
IAM Access Advisor
What are 8 best practices for IAM?
- Don’t use the root account
- One physical user = One AWS user
- Assign users to groups and permissions to groups
- Strong password policy
- Enforce MFA
- Use roles to assign permissions to AWS services
- Use access keys for CLI/SDK access
- Never share IAM users or access keys