IAM 1 Flashcards
Root User
Root user restrictions?
Can’t be restricted in any way
Root User
How do you change your account name or contact info?
Must use root creds
Root User
How do you turn on Identity Center?
Must use root creds
Root User
How do you join the GovCloud region?
Must use root creds, prove you’re a US Person
Root User
How do you close your account?
Must use root creds
Root User
How do you turn on MFA delete on an S3 bucket?
Must use root creds
Root User
How do you fix an S3 bucket policy that denies all users?
Must use root creds
Root User
Best Practice for root user?
Use MFA, delete access keys, regularly change password, set security challenge questions
Root User
What are the security challenge questions used for?
Contacting AWS Support
Root User
Is the root user’s password subject to your account’s password policy?
No
Limits
Max IAM Users per account?
5,000
Groups
Max groups an IAM User can be in?
10
Groups
What happens if an IAM User is in two groups with overlapping Policies?
Union: if any denies, deny. Then, if any allow, allow it.
Groups
What’s the “all users” group that all IAM Users belong to?
There is none.
Groups
Limit on the number of users in a group?
None. However, it’s effectively 5,000: the max users per account.
Groups
Can you nest groups?
No
Groups
Max number of groups per account?
300 (soft limit)
Groups
Extend the max number of groups per account?
Yes, request limit increase form (not a support case!)
Groups
How do you set up a Policy for everyone in a group?
Create a single Group Policy (duh).
Groups
Reference a Group in a Policy?
Not allowed: Groups aren’t Principals. Can’t be targets of policy things.
Groups
Can groups have inline, customer-managed, or AWS-managed policies?
All three
Groups
When shouldn’t you add an inline policy to a user?
Hopefully never: manage human perms always via Groups.
Groups
Can’t use Groups, too many different sets of perms!
Refactor your Groups, grant multiple Groups to each Human.