IAM

Question 1

Users are…

Answer 1

people in an organization that can be grouped

Question 2

Can groups contain other groups?

Answer 2

No

Question 3

How can you structure users?

Answer 3

Users dont need to belong to a group but they can belong to multiple groups

Question 4

How is a JSON policy document of a user or group structured?

Answer 4

It contains

• a version
• a list of statements
  
  • Effect
  • Action
  • Resource

Question 5

What basic principle do you need to follow for giving permissions?

Answer 5

You apply the least privilege principle: only as many permissions as users need

Question 6

How can permissions be obtained?

Answer 6

They can be:

• given by an inline policy directly to the user
• inherited from every group policy a user is member of

Question 7

A user’s password has been guessed correctly. How can you prevent this from happening in the future? How can damage be controlled?

Answer 7

• Enable MultiFactorAuthentication (MFA)
• Enable password rules:
  
  • Set minimum password length
  • require special characters, numbers, letters, non alpha characters
  • require password change after some time
  • prevent password reuse
  • never share IAM users & Access Keys
  • never use the root user (only for user setup)

Question 8

AWS devices for MFA?

Answer 8

• Virtual MFA device
• Universal 2nd Factor (U2F) Security Key
• Hardware Key Fob MFA

Question 9

How can you access AWS?

Answer 9

• AWS Management Console (password+MFA)
• AWS CLI
• AWS SDK

Question 10

How can AWS services get permissions?

Answer 10

-Through IAM roles that can be given permissions

Question 11

How can you check the current user/policy configuration?

Answer 11

• IAM Credentials Report (a report that lists all users and their credentials)
• IAM Access advisor (shows the permissions granted to a user and time of last access)