AWS Module 4: AWS Cloud Security (ITM2) Flashcards

1
Q

What is the basic structure of the statements in an IAM Policy?

A

Effect - says whether to Allow or Deny the permissions.

Action - specifies the API calls that can be made against an AWS Service (e.g. cloudwatch:ListMetrics).

Resource - defines the scope of entities covered by the policy rule (e.g. a specific Amazon S3 bucket or Amazon EC2 instance, or * which means any resource).

2
Q

Managed Policies

A

Managed Policies are pre-built policies (built either by AWS or by your administrators) that can be attached to IAM Users and Groups. When the policy is updated, the changes to the policy are immediately applied to all Users and Groups that are attached to the policy.

3
Q

What is AWS Identity and Access Management (IAM)?

A

AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.

4
Q

What individual security credentials can you assign users in the IAM process?

A

access keys, passwords, and multi-factor authentication devices

5
Q

How are IAM Roles and Users similar and different?

A

An IAM Role is similar to a User, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a Role is intended to be assumable by anyone who needs it.

6
Q

Manage federated users and their permissions: You can enable identity federation to allow existing users in your enterprise to …..

A

access the AWS Management Console, to call AWS APIs and to access resources, without the need to create an IAM User for each identity.

7
Q

What does a policy define?

A

A policy defines what actions are allowed or denied for specific AWS resources.

8
Q

How are inline Policies typically used?

A

Inline Policies are typically used to apply permissions for one-off situations.

9
Q

IAM Group Permissions policies are managed by ________ _________ .

A

Inline Policy, which is a policy assigned to just one User or Group.

10
Q

How do Managed Policies and Inline Policies differ?

A

Managed Policy - When the policy is updated, the changes to the policy are immediately applied to all Users and Groups that are attached to the policy.

Inline Policy - a policy assigned to just one User or Group. Inline Policies are typically used to apply permissions for one-off situations and grant permission to view (Describe) information about Amazon EC2 and also the ability to Start and Stop instances.

11
Q

In an EC2 IAM group permission, the ability to view resources, but not modify them, is ideal for ….

A

assigning to a Support role.
