AWS IAM Flashcards
AWS Documentation - https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html
What is IAM?
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources.
What can you do with IAM?
With IAM, you can manage permissions that control which AWS resources users can access.
You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
What type of identity is created when you first open an AWS account?
A root user identity.
After creating a new user in IAM, how is that user authenticated in the account?
Authentication is provided by matching the sign-in credentials to a principal (an IAM user, federated user, IAM role, or application) trusted by the AWS account.
If an identity is trusted by an AWS account, what steps are taken to grant access?
A request is made to grant the principal access to resources.
Access is granted in response to an authorization request if the user has been given permission to the resource.
When an identity accesses the console, then selects a service to access, how is that identity granted/denied access?
When you select a service, the request for authorization is sent to that service and it looks to see if your identity is on the list of authorized users, what policies are being enforced to control the level of access granted, and any other policies that might be in effect.