Chapter 4 - Identity and Access Management (IAM) Flashcards
What are the 4 Steps to Secure Your AWS Root Account?
1) Enable multi-factor authentication on the root account.
2) Create an admin group for your administrators and assign the appropriate permissions to this group.
3) Create user accounts for your administrators.
4) Add your users to the admin group.
IAM is:
Universal?
Regional?
Access Zone based?
Universal
Describe the Root Account when first created:
This is the account created when you first set up your AWS account, and it has complete admin access.
Secure it as soon as possible and DO NOT use it to log in day to day.
How do access key IDs and secret access keys differ from usernames and passwords?
You cannot use the access key ID and secret access key to log in to the console.
However, you would use them to access AWS via the APIs and Command Line.
You only get to view these once. If you lose them, you will have to regenerate them, so save them in a secure location.
Passwords should be rotated using rotation policies.
What is IAM Federation?
IAM Federation allows you to combine your existing user account with AWS.
For example, when you log on to your PC (usually using Microsoft Active Directory), you can use the same credentials to log into AWS if you set up federation.
What standard does Identity Federation use?
It uses the SAML (Security Assertion Markup Language) standard, which is Active Directory.