Section 4: IAM & AWS CLI Flashcards
(20 cards)
What does IAM stand for?
identity and access management
What can groups contain?
only users
What is a policy?
a JSON set of rules that defines permissions for users
Is IAM region specific?
no, it is global
What do policies belong to?
groups and users
What is the policy structure?
version
id
statement
What is the policy statement structure?
sid (optional)
effect
principal
action
resource
condition (optional)
What is effect in a policy statement?
allow or deny access
What is principal in a policy statement?
states the users to which this policy applies
What is action in a policy statement?
the actions that the policy allows or denies
What is condition in a policy statement?
condition when the policy will take effect
(works like an if statement with key-value pairs)
What is resource in a policy statement?
the resources the effect can use
What is a password policy?
password rules set up by an admin (i.e. how many characters and how often you need to change them) as well as MFA
What is CloudShell?
AWS cloud-based terminal
What is an IAM Role?
a set of permissions for an entity to interact with AWS services
What are the two types of IAM security tools?
credentials report and last accessed
What does the credentials report show?
shows all user activity across the whole account
What does last accessed show?
shows which services the user has been accessing
What is AWS responsible for in the Shared Responsibility Model?
infrastructure (global security)
configuration and vulnerability
compliance validation
(Everything platform related)
What are you responsible for in the Shared Responsibility Model?
users/group permissions
MFA
rotating keys
reviewing permissions