IAM Flashcards
What are the core components of IAM
User, Role, Policy, Group
Should we use the root account
No, instead create an admin user via IAM and use it
How to safeguard the root account
By enabling MFA
Can one user belong to multiple groups
Yes
What is the strategy for associating policies with a user
Least privilege
What is a policy document
a JSON file
What are the components of a policy document
version, id and statement (an array); each element of the statement states: 1) Sid 2) Effect 3) Principal (user/account/role) 4) Action 5) Resource 6) Condition
What is a password policy
Recommended configuration to ensure passwords are strong and cannot be compromised easily
What are the two kinds of MFA device
virtual and U2F devices
How can a user access AWS
via console, CLI and software development kit
What is a role
An IAM role is a technique to assign permissions to one AWS service so that it can talk to other AWS services
What are two security tools
Credential Reports & Access Advisor
What is a credential report
A report that lists the status of the various credentials for all users under an account
What is Access Advisor
A report that lists the service permissions given to a user and the time when each was last used
State a few best practices for IAM
- Don’t use the root account except for AWS account setup
- One physical user = One AWS user
- Assign users to groups and assign permissions to groups
- Create a strong password policy
- Use and enforce the use of Multi Factor Authentication (MFA)
- Create and use Roles for giving permissions to AWS services
- Use Access Keys for Programmatic Access (CLI / SDK)
- Audit permissions of your account with the IAM Credentials Report
- Never share IAM users & Access Keys