Advanced IAM Flashcards

1
Q

AWS Directory Service, what are the five key points about this set of services?

A
  • is a family of managed services
  • connects AWS resources with on-premises AD (Active Directory)
  • standalone directory in the cloud
  • uses existing corporate credentials
  • SSO (single sign-on) to any domain-joined EC2 service.
2
Q

What are the AD-compatible services offered by AWS?

A
  • Managed Microsoft AD
  • AD Connector
  • Simple AD
3
Q

What are the non-AD-compatible directory services that AWS offers?

A
  • Cloud Directory
  • Cognito user pools

4
Q

An ARN is a pointer to a unique AWS resource. What are its key parts, and in which order do they come?

A

Partition = aws / aws-cdn etc.
Service = the AWS service, such as s3, etc.
Region = the region and AZ, for example us-east-1
Account-Id = the account to which the resource belongs.

5
Q

There are two types of policies in AWS. These are…

A

Identity policies - for IAM users

Resource policies - for resources such as EC2 or Lambda, etc.

6
Q

True or false: when evaluating policies where more than one is attached to a resource or user, if some contain deny rules, how are they processed?

A

AWS merges all policies together; if any contain deny rules, these will supersede any allow rules for the same resource or action on that resource in AWS.
