AWS IAM Flashcards
What is a User in IAM?
A User represents a person, employee, etc.
What is a Group in IAM?
A Group represents a collection of Users. Each User in a Group will inherit the permissions of the Group.
What is a Policy in IAM?
A Policy is made up of policy documents, formatted in JSON. Policy documents define what a User/Group/Role is allowed to do.
What is a Role in IAM?
Roles can be used to give resources permission to interact with other resources.
Do regions affect IAM?
No, IAM is universal.
What is the Root Account?
The Root Account is the initial account created when AWS is first set up.
What permissions do new Users have?
New Users have NO permissions when first created.
What are Users assigned when first created?
New Users are assigned an Access Key ID and a Secret Access Key.
What are Access Key IDs and Secret Access Keys for?
They are used to programmatically access the AWS ecosystem.
Are Access Key IDs and Secret Access Keys required for console access?
No!
Where can I find a User’s Access Key ID and Secret Access Key?
You are given one chance to save the Access Key ID and Secret Access Key as a CSV file when the user is first created.
Should you set up MFA on the Root User Account?
Yes! This is an AWS best practice.
Does IAM allow password policies?
Yes! You can create and customize your own password and rotation policies.
What is Authorization?
Authorization determines which services and resources an authenticated identity has access to.
What is Authentication?
Authentication happens when you present your identity (username) and provide verification (password).
How does AWS handle Explicit and Implicit permissions?
Any permissions that are not Explicitly allowed are Implicitly denied.
If two policies have conflicting allow/deny permissions on a single resource, which takes precedence?
Explicit denies override everything else, even Explicit allows.
What does AWS do when multiple policies are attached to a resource?
AWS Joins or Unions all applicable policies.
What are Permission Boundaries?
Permission Boundaries control the maximum permissions that an IAM policy can grant.