AWS Short Memorizations

Question 1

A person or application that can make a request for an action or operation on an AWS resource.

Answer 1

A principal

Question 2

List the 4 types of principals in AWS (Hint: FUURA)

Answer 2

Federated Users,
Users,
Roles,
Applications

Question 3

The type of principal that can be logged into with a Google, Facebook, or Amazon Account

Answer 3

A federated user

Question 4

An AWS Service that helps you securely control access to AWS resources.

Answer 4

AWS IAM
(Identity and Access Management)

Question 5

List the 5 types of policies

Answer 5

Identity based
Resource based
IAM permission boundaries
Service control policies (SCP)
Session policies

Question 6

What permissions do users have by default

Answer 6

none

Question 7

Max number of users that can be created, per account.

Answer 7

5000

Question 8

Max number of policies that can be attached to an IAM user or IAM role

Answer 8

20

Question 9

Max number of groups an IAM user can be a member of

Answer 9

10

Question 10

Max number of Access keys that can be assigned to an IAM user

Answer 10

2

Question 11

An IAM identity that has specific permissions.

Answer 11

IAM Role

Question 12

A JSON document that defines permissions.

Answer 12

Policy

Question 13

What type of policy is applied to users, groups and roles

Answer 13

Identity based

Question 14

A Bucket Policy is an example of what type of policy.

Answer 14

Resource based

Question 15

Should you switch regions when creating or managing IAM users that are in another region?

Answer 15

No
(IAM is global and won’t even give a region selection)

Question 16

3 options for MFA

Answer 16

Virtual MFA device
U2F security key
Other hardware MFA device

Question 17

This is an example of what?
-> arn:aws:iam::121212121212:mfa/gwilki2

Answer 17

An ARN (Amazon Resource Name)

Question 18

An AWS service that provides temporary credentials.

Answer 18

STS (Security Token Service)

Question 19

A policy that controls who can assume an IAM Role

Answer 19

A Trust Policy

Question 20

An Identity based policy that can be attached to multiple users, groups, or roles.

Answer 20

Managed Policy

Question 21

An Identity based policy that is applied directly to only a single user, group, or role. (has a 1 to 1 relationship)

Answer 21

Inline Policy

Question 22

A Bucket Policy is what type of policy

Answer 22

Resource based

Question 23

A Trust Policy is what type of policy

Answer 23

Resource based

Question 24

A Permissions Policy is what type of policy

Answer 24

Identity based

Question 25

A policy that limits what permissions a user can have as well as any users created by them.

Answer 25

A permissions boundry

Question 26

Type of policy that is attached to a resource and defines permissions for principals to access it.

Answer 26

Resource based

Question 27

Type of policy that sets the max permission for an OU

Answer 27

AWS Organizations SCP (Service Control Policy)

Question 28

Type of policy used with AssumeRole* API Actions

Answer 28

Session policy

Question 29

What are the effective permission for a principle when combining Identity based policy with Resource based policy (just the overlapping OR all combined)?

Answer 29

All

Question 30

What are the effective permission for a principle when combining Identity based policy with a Permissions boundary (just the overlapping OR all combined)?

Answer 30

Overlapping

Question 31

What are the effective permission for a principle when combining Identity based policy with an SCP (just the overlapping OR all combined)?

Answer 31

Overlapping

Question 32

List the 4 key names for an object within an IAM Policy’s JSON Statement block

Answer 32

Effect
Action
Resource
Condition

Question 33

Whats the key name to define “allow” or “deny” in a policy statement

Answer 33

Effect

Question 34

What is the key name to define an API action that you are allowing or denying in a policy statement

Answer 34

Action

Question 35

What is the key name to define the ARN in a policy statement

Answer 35

Resource

Question 36

What is the key name to optionally define when a policy statement is in affect

Answer 36

Condition