IAM: identity and access management Flashcards

1
Q

IAM

A

Identity and Access Management; a global service (IAM identities and policies are not tied to a region)

2
Q

root account

A

created by default when the AWS account is opened; it has unrestricted access, so don’t use it for everyday work and never share its credentials

3
Q

users

A

people (or applications) within an organization that need access to AWS; users can be placed in groups

4
Q

groups

A

groups contain only users (not other groups); a user can belong to multiple groups

5
Q

IAM permissions

A
  • users / groups (and roles) can be assigned JSON documents called policies
  • policies define the permissions of the identities they are attached to
  • least privilege principle: don’t grant more permissions than a user needs to do their job

6
Q

IAM Policies Structure

A
  • JSON document
  • Version: policy language version; always “2012-10-17” (the current and only supported version)
  • Id: optional identifier for the policy
  • Statement: one or more individual statements (required), each with:
    • Sid (statement id, optional)
    • Effect (Allow or Deny)
    • Principal (account/user/role the statement applies to; only used in resource-based policies such as a role’s trust policy, never in a policy attached to a user or group)
    • Action (list of API actions the statement allows/denies)
    • Resource (list of resources the actions apply to)
    • Condition (when the statement is in effect; optional)

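The structure above, as an added worked example that is not part of the flashcards or of any AWS code. It builds an identity-based policy (no Principal), a role trust policy (Principal required) and a deliberately flawed document, then checks each one against the rules on the card plus a least-privilege wildcard test. The account ID 123456789012 and the bucket name example-reports are placeholders, not real resources.

```python
"""Worked example of the IAM policy document structure.

Added example, not taken from the flashcards or from AWS. The three policy
documents are constructed inline; the account ID 123456789012 and the bucket
name example-reports are placeholders, not real resources.
"""
import json
from typing import Any

# The only valid policy language version; any other date string is rejected.
POLICY_VERSION = "2012-10-17"

# Identity-based policy (attached to a user, group or role). It has no
# Principal element: the identity it is attached to is implicitly the principal.
READ_ONLY_BUCKET_POLICY = {
    "Version": POLICY_VERSION,
    "Id": "ReadReportsBucket",  # optional policy identifier
    "Statement": [
        {
            "Sid": "ListBucket",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": "arn:aws:s3:::example-reports",
        },
        {
            "Sid": "GetObjects",
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-reports/*",
            # optional Condition: only allow the action over TLS
            "Condition": {"Bool": {"aws:SecureTransport": "true"}},
        },
    ],
}

# Trust policy of an EC2 instance role. This is a resource-based policy, so
# Principal is required: it names who may assume the role.
EC2_TRUST_POLICY = {
    "Version": POLICY_VERSION,
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }
    ],
}

# Deliberately flawed document: a mistyped Version and an Allow on every
# action over every resource (full administrator rights).
FLAWED_POLICY = {
    "Version": "2022-12-16",
    "Statement": [
        {"Sid": "Everything", "Effect": "Allow", "Action": "*", "Resource": "*"}
    ],
}


def _as_list(value: Any) -> list:
    """Policy elements may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def validate_policy(policy: dict, identity_based: bool = True) -> list[str]:
    """Return a list of problems; an empty list means the document is well formed.

    Checks the structural rules (Version, Statement and its elements, where
    Principal belongs) plus a wildcard check for least privilege. It does not
    validate action names or ARN syntax.
    """
    problems = []
    if policy.get("Version") != POLICY_VERSION:
        problems.append(f"Version must be {POLICY_VERSION!r}, got {policy.get('Version')!r}")
    statements = policy.get("Statement")
    if not statements:
        return problems + ["Statement is required and must not be empty"]
    for i, st in enumerate(_as_list(statements)):
        label = st.get("Sid", f"statement[{i}]")
        if st.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"{label}: Effect must be Allow or Deny")
        if "Action" not in st and "NotAction" not in st:
            problems.append(f"{label}: Action is required")
        if identity_based:
            if "Principal" in st:
                problems.append(f"{label}: Principal is not allowed in an identity-based policy")
            if "Resource" not in st and "NotResource" not in st:
                problems.append(f"{label}: Resource is required")
        elif "Principal" not in st and "NotPrincipal" not in st:
            problems.append(f"{label}: Principal is required in a resource-based or trust policy")
        # Least privilege: Allow on "*" actions over "*" resources is full admin.
        if (st.get("Effect") == "Allow"
                and "*" in _as_list(st.get("Action", []))
                and "*" in _as_list(st.get("Resource", []))):
            problems.append(f"{label}: Allow on all actions over all resources grants full admin rights")
    return problems


def to_json(policy: dict) -> str:
    """Serialise to the JSON text that IAM actually accepts."""
    return json.dumps(policy, indent=2)
```

Running `validate_policy(READ_ONLY_BUCKET_POLICY)` and `validate_policy(EC2_TRUST_POLICY, identity_based=False)` returns no problems; `validate_policy(FLAWED_POLICY)` reports the bad Version and the admin-level wildcard, and checking the trust policy as if it were identity-based shows why Principal and Resource belong to different policy types.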
7
Q

AWS Access 3 Options

A

AWS Management Console (protected by a password and MFA), AWS Command Line Interface (CLI) and AWS Software Development Kit (SDK); the CLI and SDK authenticate with access keys generated for the user

8
Q

Access Keys

A

generated in the AWS Management Console for a user; they are that user’s credentials for the CLI and SDK

  • access key ID: like a username
  • secret access key: like a password; it is shown only once when created, must never be shared, and should be rotated regularly

9
Q

AWS CLI

A
  • direct access to the public APIs of AWS services
  • lets you write scripts to manage resources
  • open-source alternative to the Management Console; it acts with the same permissions as the IAM identity whose access keys it uses

10
Q

AWS SDK

A
  • language-specific APIs (a set of libraries)
  • lets you access and manage AWS services programmatically from your own code
  • supports JavaScript, Python, PHP, .NET, Ruby, Java, Go, Node.js, C++

11
Q

IAM Roles

A

IAM identities that an AWS service (rather than a person) assumes to act on your behalf; permissions come from the policies attached to the role, and a trust policy defines who may assume it

common roles: EC2 instance roles, Lambda function roles, roles for CloudFormation

trusted entity type: AWS services

12
Q

IAM Credentials Report (Account Level)

A

account-level report listing all of the account’s users and the status of their credentials (password, access keys, MFA); useful for finding unused or unrotated credentials
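An added example (not from the flashcards) of the triage a practitioner does on that report: it parses a credentials report and flags the root account holding access keys, console users without MFA, keys older than an assumed 90-day rotation policy, and active keys that have never been used. The CSV is constructed for illustration with a subset of the real report’s columns; the users, timestamps and account ID are invented. The real report comes from `aws iam generate-credential-report` followed by `aws iam get-credential-report`.

```python
"""Triage an IAM credentials report.

Added example, not part of the flashcards. The report below is constructed
for illustration: it uses a subset of the real report's columns and made-up
users, timestamps and account ID. A real report comes from
`aws iam generate-credential-report` followed by `aws iam get-credential-report`
(the CSV is returned base64-encoded).
"""
import csv
import io
from datetime import datetime, timezone

# Constructed sample. Column names match the real report; values are invented.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,true,true,2021-03-03T08:00:00+00:00,2022-01-01T00:00:00+00:00
alice,arn:aws:iam::123456789012:user/alice,2022-06-10T12:00:00+00:00,true,true,true,2024-04-15T10:00:00+00:00,2024-05-29T11:00:00+00:00
bob,arn:aws:iam::123456789012:user/bob,2021-02-20T12:00:00+00:00,true,false,false,N/A,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2021-09-01T12:00:00+00:00,false,false,true,2023-01-05T00:00:00+00:00,N/A
"""

# Fixed "now" so the example is reproducible; use datetime.now(timezone.utc) in practice.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
MAX_KEY_AGE_DAYS = 90  # assumed rotation policy for this example, not an AWS default


def _parse_ts(value: str):
    """The report marks missing dates as N/A or no_information."""
    if value in ("N/A", "no_information", ""):
        return None
    return datetime.fromisoformat(value)


def triage(report_csv: str, now: datetime = NOW) -> list[tuple[str, str]]:
    """Return (user, finding) pairs for credentials that need attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        key_active = row["access_key_1_active"] == "true"
        if user == "<root_account>":
            # The root account should never hold access keys and must use MFA.
            if key_active:
                findings.append((user, "root account has an active access key; delete it"))
            if row["mfa_active"] != "true":
                findings.append((user, "root account has no MFA"))
            continue
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password without MFA"))
        if key_active:
            rotated = _parse_ts(row["access_key_1_last_rotated"])
            if rotated is not None and (now - rotated).days > MAX_KEY_AGE_DAYS:
                findings.append((user, f"access key 1 is {(now - rotated).days} days old; rotate it"))
            if _parse_ts(row["access_key_1_last_used_date"]) is None:
                findings.append((user, "access key 1 is active but has never been used; deactivate it"))
    return findings


if __name__ == "__main__":
    for user, finding in triage(SAMPLE_REPORT):
        print(f"{user:15} {finding}")
```

On the constructed sample, `triage(SAMPLE_REPORT)` flags the root account’s key, bob’s missing MFA and ci-deploy’s 513-day-old, never-used key; alice, who has MFA and a recently rotated, recently used key, produces no finding.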

13
Q

IAM Access Advisor (User Level)

A

shows the service permissions granted to a user and when each of those services was last accessed

use it to revise policies toward least privilege (e.g. if a user isn’t using a service, remove that service’s access)

14
Q

Shared Responsibility Model

A

AWS: the infrastructure (global network security), configuration and vulnerability analysis of the underlying services, compliance validation

Customer: managing users, groups, roles and their policies; enabling MFA on all accounts; rotating access keys often; applying least privilege to IAM permissions and reviewing access patterns
