IAM Flashcards

1
Q

What is an AWS Role?

A
  • A role is an identity you create that has specific permissions on AWS resources.
  • It is assumable by entities that need it.
  • Roles are temporary.
2
Q

Who can assume a role?

A
  • Users
  • AWS Architecture (EC2s)
  • System level accounts
3
Q

What do you attach to a group to assign privileges to that group?

A

A policy.

4
Q

How are Roles and Users similar in IAM? How are they different?

A

Both are assigned policies to grant access to resources, but Roles are temporary and assumable, whereas Users are permanent.

5
Q

What is AWS STS?

A

Security Token Service - Allows for creation of temporary users and access privileges

6
Q

When you create a policy, what can you assign it to?

A
  • Users (hard to maintain)
  • Groups
7
Q

Does it make sense to attach a Policy to an EC2 instance?

A

NO!!!! You attach policies to Roles, and attach Roles to Instances

8
Q

What are these in IAM? What is an example of each?

  • User
  • Group
  • Role
A
  • A user is an individual who can log into AWS console or use the CLI using access keys. A User CAN be assigned access policies, though this is not the best practice.
  • A group is a collection of users with common access needs in AWS. You should add access policies to a group, then assign users to the group.
  • A role is similar to a user, but a role can never log in. It is an identity assumable by anyone or anything that needs it, and it grants temporary AWS access.
9
Q

What do each of these managed IAM policies grant?

  • AdministratorAccess
  • PowerUserAccess
  • SystemAdministratorAccess
A
  • AdministratorAccess - Grants full access to everything in AWS
  • PowerUserAccess - Developer access for application development and partial Organisation access. Grants everything but IAM access
  • SystemAdministratorAccess - No Organization level access
10
Q

How can you create and grant temporary token-based access to AWS resources?

A

AWS STS (Simple Token Service)
