AWS Short Memorizations Flashcards
A person or application that can make a request for an action or operation on an AWS resource.
A principal
List the 4 types of principals in AWS (Hint: FUURA)
Federated Users
Users
Roles
Applications
The type of principal that can be logged into with a Google, Facebook, or Amazon Account
A federated user
An AWS Service that helps you securely control access to AWS resources.
AWS IAM
(Identity and Access Management)
List the 5 types of policies
Identity based
Resource based
IAM permission boundaries
Service control policies (SCP)
Session policies
What permissions do users have by default?
None
Max number of users that can be created, per account.
5000
Max number of policies that can be attached to an IAM user or IAM role
20
Max number of groups an IAM user can be a member of
10
Max number of Access keys that can be assigned to an IAM user
2
An IAM identity that has specific permissions.
IAM Role
A JSON document that defines permissions.
Policy
What type of policy is applied to users, groups, and roles?
Identity based
A Bucket Policy is an example of what type of policy?
Resource based
Should you switch regions when creating or managing IAM users that are in another region?
No
(IAM is global and won’t even give a region selection)
3 options for MFA
Virtual MFA device
U2F security key
Other hardware MFA device
This is an example of what?
-> arn:aws:iam::121212121212:mfa/gwilki2
An ARN (Amazon Resource Name)
An AWS service that provides temporary credentials.
STS (Security Token Service)
A policy that controls who can assume an IAM Role
A Trust Policy
An Identity based policy that can be attached to multiple users, groups, or roles.
Managed Policy
An Identity based policy that is applied directly to only a single user, group, or role. (has a 1 to 1 relationship)
Inline Policy
A Bucket Policy is what type of policy?
Resource based
A Trust Policy is what type of policy?
Resource based
A Permissions Policy is what type of policy?
Identity based
A policy that limits what permissions a user can have as well as any users created by them.
A permissions boundary
Type of policy that is attached to a resource and defines permissions for principals to access it.
Resource based
Type of policy that sets the max permission for an OU
AWS Organizations SCP (Service Control Policy)
Type of policy used with AssumeRole* API Actions
Session policy
What are the effective permissions for a principal when combining an Identity based policy with a Resource based policy (just the overlapping OR all combined)?
All
What are the effective permissions for a principal when combining an Identity based policy with a Permissions boundary (just the overlapping OR all combined)?
Overlapping
What are the effective permissions for a principal when combining an Identity based policy with an SCP (just the overlapping OR all combined)?
Overlapping
List the 4 key names for an object within an IAM Policy’s JSON Statement block
Effect
Action
Resource
Condition
What's the key name to define “allow” or “deny” in a policy statement?
Effect
What is the key name to define an API action that you are allowing or denying in a policy statement?
Action
What is the key name to define the ARN in a policy statement?
Resource
What is the key name to optionally define when a policy statement is in effect?
Condition