Identity and Access Management Flashcards
IAM makes it easy to provide multiple users _____ _____ to AWS resources.
Secure access
IAM can manage users’ credentials, MFA, and groups. What are three other key features that IAM offers?
- Roles
- Access policies
- Password policies
What must be explicitly granted to allow a user to access an AWS service?
Permission
IAM is a _____ service that is described as eventually _____.
IAM is a Universal service that is described as eventually consistent
3 Authentication methods:
- Console _________: Used to log in to the AWS Management Console
- Access ___: Used for programmatic access
- _______ Certificates: Uses SSL/TLS certificates
- Console password: Used to log in to the AWS Management Console
- Access keys: Used for programmatic access
- Server certificates: Uses SSL/TLS certificates
An IAM user is an entity that represents a _______ or _______
An IAM user is an entity that represents a person or service
IAM users can be created to represent applications, and these are known as _______ ________
IAM users can be created to represent applications, and these are known as Service accounts
You can have up to _____ users per AWS account
5000
IAM Groups are collections of _____ and have _____ attached to them
IAM Groups are collections of users and have policies attached to them
A ____ is not an identity and cannot be identified as a ____ in an IAM policy.
A group is not an identity and cannot be identified as a principal in an IAM policy.
Use groups to assign ______ to users.
Permission
You cannot ____ groups within groups
nest
IAM users or AWS services can assume a role to obtain ________ ________ credentials
IAM users or AWS services can assume a role to obtain temporary security credentials
Temporary security credentials are issued by the AWS ________ _____ Service
Temporary security credentials are issued by the AWS Security Token Service (STS)
IAM Policies are documents that define permissions that can be applied to _____, _____, or _____
IAM Policies are documents that define permissions that can be applied to users, groups, or roles
Policy documents are written in what programming language?
JSON
Resource-based policies are attached to a ________ or define permissions for a _________ accessing the resource
Resource-based policies are attached to a resource or define permissions for a principal accessing the resource
AWS Organizations:
Service Control Policies (SCP) allow you to control the _________ _________ for an __________ or an __
Service Control Policies (SCP) allow you to control the maximum permissions for an organization or an OU
Session policies are used with __________ ___ actions
Session policies are used with AssumeRole API actions
IAM Best Practices:
Use ____ to assign permissions to IAM users
Use groups to assign permissions to IAM users
IAM Best Practices: Get started using permissions with AWS ____ _____
Get started using permissions with AWS managed policies
IAM Best Practices: Use customer-managed policies instead of ____ _____
Inline policies
IAM Best Practices: Use access levels to review ____ _____
IAM Permissions
IAM Best Practices: Use roles for applications that run on Amazon ____ __________
EC2 instances