AWS Module 4: AWS Cloud Security (ITM2) Flashcards
What is the basic structure of the statements in an IAM Policy?
Effect - says whether to Allow or Deny the permissions.
Action - specifies the API calls that can be made against an AWS Service (e.g. cloudwatch:ListMetrics).
Resource - defines the scope of entities covered by the policy rule (e.g. a specific Amazon S3 bucket or Amazon EC2 instance, or * which means any resource).
Managed Policies
Managed Policies are pre-built policies (built either by AWS or by your administrators) that can be attached to IAM Users and Groups. When the policy is updated, the changes to the policy are immediately applied to all Users and Groups that are attached to the policy.
What is AWS Identity and Access Management (IAM)?
AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.
What individual security credentials can you assign users in the IAM process?
access keys, passwords, and multi-factor authentication devices
How are IAM Roles and Users similar and different?
An IAM Role is similar to a User, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a Role is intended to be assumable by anyone who needs it.
Manage federated users and their permissions: You can enable identity federation to allow existing users in your enterprise to …..
access the AWS Management Console, to call AWS APIs and to access resources, without the need to create an IAM User for each identity.
What does a policy define?
A policy defines what actions are allowed or denied for specific AWS resources.
How are inline Policies typically used?
Inline Policies are typically used to apply permissions for one-off situations.
IAM Group Permissions policies are managed by ________ _________ .
Inline Policy, which is a policy assigned to just one User or Group.
How do Managed Policies and Inline Policies differ?
Managed Policy - When the policy is updated, the changes to the policy are immediately applied to all Users and Groups that are attached to the policy.
Inline Policy - a policy assigned to just one User or Group. Inline Policies are typically used to apply permissions for one-off situations and grant permission to view (Describe) information about Amazon EC2 and also the ability to Start and Stop instances.
In an EC2 IAM group permission, the ability to view resources, but not modify them, is ideal for ….
assigning to a Support role.