IAM Flashcards
What is an AWS Role?
- A role is an identity you create that has specific permissions on AWS resources.
- It is assumable by entities that need it.
- Role sessions are temporary: the credentials issued when a role is assumed expire.
Who can assume a role?
- Users
- AWS resources (e.g., EC2 instances)
- System-level accounts
What do you attach to a group to assign privileges to that group?
A policy.
How are Roles and Users similar in IAM? How are they different?
Both are assigned policies to grant access to resources, but where roles are temporary and assumable, users are permanent.
What is AWS STS?
Security Token Service - allows for creation of temporary users and access privileges.
When you create a policy, what can you assign it to?
- Users (hard to maintain)
- Groups
Does it make sense to attach a Policy to an EC2 instance?
NO!!!! You attach policies to roles, and attach roles to instances.
What are these in IAM? What is an example of each?
- User
- Group
- Role
- A user is an individual who can log into the AWS console or use the CLI with access keys. A user CAN be assigned access policies directly, though this is not best practice.
- A group is a collection of users with common access needs in AWS. You should attach access policies to a group, then assign users to the group.
- A role is similar to a user, but a role can never log in. It is an identity assumable by anyone or anything that needs it, and it grants temporary AWS access.
What do each of these managed IAM policies grant?
- AdministratorAccess
- PowerUserAccess
- SystemAdministratorAccess
- AdministratorAccess - Grants full access to everything in AWS.
- PowerUserAccess - Developer access for application development and partial Organization access. Grants everything but IAM access.
- SystemAdministratorAccess - No Organization-level access.
How can you create and grant temporary token-based access to AWS resources?
AWS STS (Security Token Service)