IAM Flashcards

1
Q

IAM

A
  • A root account exists by default; it should not be used or shared
  • Create users within your organization; users can be grouped together
  • Groups contain only users, and a user can belong to multiple groups
2
Q

Users

A
  • Mapped to a physical user; has a password for the AWS console
3
Q

Groups

A

Contains users only

4
Q

Policies

A
  • JSON documents that outline permissions for users or groups
  • IAM policy inheritance: a policy attached to a group is inherited by the users in that group
  • An inline policy is attached directly to a user
5
Q

Roles

A

For EC2 instances or AWS services

  • What is a proper definition of IAM Roles?

( An IAM entity that defines a set of permissions for making AWS service requests, which will be used by an AWS service )

6
Q

Security

A

MFA + Password policy

7
Q

IAM password policy:

A
  • Protects users and groups from being compromised
  • Strong passwords = higher security
  • Set a password policy
  • Allow IAM users to change their own password
  • Prevent password reuse
  • Require users to change their password after 90 days or more
8
Q

Multi-factor authentication - MFA

A
  • A second line of defence
  • Increases your root account security
  • Protects against malicious intent
  • MFA = a password you know + a security device you own, such as a token or an app on your phone
  • Protects the root account and IAM users
9
Q

How Can Users Access AWS?

A
  • AWS Management Console
  • AWS Command Line Interface (CLI)
  • AWS Software Development Kit (SDK), for code
10
Q

AWS CLI

A

Manage your AWS services using the command line

11
Q

AWS SDK

A

Manage your AWS services using a programming language

12
Q

Access Keys

A
  • Access AWS using the CLI or SDK
  • Users have their own access keys
  • DON'T SHARE access keys
13
Q

Audit

A

IAM credential reports & IAM Access Advisor

14
Q

Logging into IAM

A
  • For security, create an admin user account so you can log out of the root account
  • The admin would have a policy called AdministratorAccess, which makes them an admin
15
Q

AWS CloudShell

A
  • Region availability
  • An alternative to the CLI terminal

16
Q

IAM role for services

A
  • Create a role and add permissions for a service such as EC2
  • Just like giving permissions to our users, but giving them to an AWS service so it can use them
  • Common roles: EC2 instance role, Lambda function role, role for CloudFormation
17
Q

IAM security tools:

A

IAM credential report (account-level):

  • View a report listing all the users in your account and the status of their various credentials
18
Q

IAM Access advisor (user-level)

A
  • Shows the service permissions granted to users and when those services were last accessed

→ This information can be used to revise your policies

19
Q

Generate a credential report

A
  • Users who are not changing their passwords: see which users need attention from a security standpoint
  • See when the user was created, whether the password is enabled, when it was last used and last changed, the next password rotation, whether MFA is activated, whether the access key is active, and when the access key was last rotated and last used
  • For auditing
20
Q

Access advisor

A
  • Shows when services were last used and recent activity within the last 4 hours; remove permissions that users are not using
  • For auditing
21
Q

IAM Guidelines & best practices:

A
  • Do not use the root account, except when setting up your AWS account
  • One physical user = one AWS user: don't give someone your account; create a user for them
  • Create a strong password policy
  • Assign users to groups and permissions to groups
  • Use MFA
  • Use roles when giving permissions to AWS services
  • If using the AWS CLI/SDK, you need access keys for programmatic access
  • To audit your account, use IAM credential reports and IAM Access Advisor
  • Never share IAM users and access keys.