IAM Flashcards
What kind of service is IAM?
Identity and access management (IAM) is a global service.
What is IAM used for?
Creating users within an account and allocating permissions to these users to access the AWS account and its resources.
How are users organised?
You can create groups and add users to these groups. A single user can belong to multiple groups.
What is an IAM policy?
An IAM policy is a JSON document that defines permissions for a user.
What is the least privilege principle?
It’s applied to IAM policies to give a user only the permissions they need and no more.
How are policies applied to users?
IAM policies can be applied to individual users and to groups. Users that don’t belong to any group will have inline policies.
Users belonging to multiple groups will inherit policies from those groups.
What are the main components of an IAM policy?
The policy consists of:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "elasticloadbalancing:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:Describe*"
      ],
      "Resource": "*"
    }
  ]
}
What is MFA?
Multi-Factor Authentication: used for securing your account, especially your root account.
This is a combination of a password you know and a security device you own.
What are IAM Roles?
IAM roles are like users with permissions, but they are for AWS services: a role allows a service to communicate with or perform actions on other services.
What are the IAM security tools?
IAM Credentials Report (account-level)
• A report that lists all your account’s users and the status of their various credentials
IAM Access Advisor (user-level)
• Access advisor shows the service permissions granted to a user and when the services were last accessed.
• You can use this information to revise your policies