IAM 101 Flashcards

IAM Basics, Access Key ID and Secret Access Key

1
Q

What does IAM stand for?

A

Identity Access Management

2
Q

What are the key features of IAM?

A
  • Centralized control of your AWS account
  • Shared Access to your AWS account
  • Granular Permissions
  • Identity Federation (i.e. Active Directory, Facebook, LinkedIn, etc.)
  • Multifactor authentication (you should ALWAYS do this)
  • Temporary access for users/devices and services when necessary
  • Custom Password rotation policy
  • Integration w/ many AWS services
  • Supports PCI DSS compliance
3
Q

What are Users and Groups? What is the key relationship between them?

A
  • Users are end users (people, employees of an organization, etc.)
  • Groups are collections of Users.
  • Each user in a group inherits the permissions of the group.
4
Q

What are IAM Policies?

A

Policies are comprised of policy documents, which are JSON docs that give permissions to a user, group, or role.

5
Q

What is an IAM Role, and what is its purpose in AWS?

A

A Role is a custom “label” assigned to an AWS resource.

It allows one part of AWS to do something with another part.

6
Q

How broad is the IAM namespace?

A

IAM has a global namespace

7
Q

What permissions does an IAM user have when first created?

A

A new user has NO permissions when first created (think least privilege)

8
Q

At a very high level, what does AWS IAM do?

A

IAM allows you to manage users and their level of access to the AWS console

9
Q

Which account is the root account in IAM?

A
  • The root account is the account created when you first set up your AWS account.
10
Q

What access does the root account have?

A

The root account has complete admin access (god mode)

11
Q

What are Access Key ID and Secret Access Key used for?

A
  • Access Key ID and Secret Access Key are used for programmatic access (AWS APIs and CLI)…think of it like the username/password for programmatic access
  • Access Key ID and Secret Access Key can NOT be used to log in to the console.
12
Q

Can your Access Key ID and Secret Access Key be used to log in to the AWS CLIs/API?

A

Yes

13
Q

Can your Access Key ID and Secret Access Key be used to log in to the AWS console?

A

No

14
Q

How are you assigned an Access Key ID and Secret Access Key?

A
  • Access Key ID and Secret Access Key are assigned to new users upon creation
  • You can only view them ONCE.
15
Q

If you lose your AWS Access Key ID and Secret Access Key, how can you recover them?

A

You can’t!

(You’ll need to generate a new pair)

16
Q

Can IAM User Groups contain other User Groups?

A

NO

17
Q

What does the IAM Credentials Report do?

A

The IAM Credentials Report lists all your AWS Account’s IAM Users and the status of their various credentials.

18
Q

What are the components of an IAM Policy?

A
  • Version
  • Id (optional)
  • Statement(s), which consist of
    * Sid (Statement Id) (optional)
    * Effect (ALLOW or DENY)
    * Principal(s) (account/user/role)
    * Action(s) (thing(s) you can/can’t do)
    * Resource(s) (what you are/not allowed to do those things to)
    * Condition(s) (the circumstances under which this rule applies)

So, “<Sid> says that <Principal> (<Can/Can't by effect>) do <Action> to <Resource> when <Condition>”