IAM Flashcards
What is the SID of a policy statement?
SID = Statement ID. This is an optional identifier for the policy statement.
What is the effect of a policy statement?
Effect is set to allow or deny in order to grant or deny access to a specific resource or action.
What is the resource of a policy statement?
Names a resource that the statement applies to.
What is the action of a policy statement?
Names the action that the policy statement applies to.
How does AWS decide on priority in a policy?
DENY ALLOW DENY. First, deny access to things explicitly denied. Then, allow things explicitly allowed. Finally, deny things that aren’t explicitly allowed.
What’s the difference between inline and managed policies?
Inline policies are directly assigned to users; managed policies are objects that can be applied to several different users. Managed policies are the way to go!
How many IAM users are permitted in one AWS account?
5,000
How many groups can an IAM user be a part of?
10
What is an IAM Group used for?
Containers for users, mostly for admin purposes. You can also attach policies to groups.
How many groups are allowed per AWS account?
300
What is the limit to the number of groups a user can belong to?
None ;)
What is a Role?
Roles are IAM identities that can be assumed by a principal with AWS.
What is a Trust policy?
A policy assigned to roles that can reference identities or AWS services that generate temporary security credentials.
What is a Permissions policy?
A permissions policy is checked by the temporary security credentials generated by a Trust Policy to allow access to services.
Name a few scenarios where using roles might be beneficial.
- Application access or script running
- Break the glass scenario
- Greater than 5,000 users
- Interacting with another AWS account without needing to create 1000s of users in another account