IAM

Question 1

group

Answer 1

• equates to a job role

- assign policies to groups not users

Question 2

IAM Access types: Programmatic Access

Answer 2

• creates access ID & Secret access key for AWS API, CLI, SDK and other tools

Question 3

IAM Access types: AWS Mgmt Console

Answer 3

console

Question 4

user

Answer 4

• 1 person

- by default a user has no permissions

Question 5

Identity Providers

Answer 5

• IAM Federation - Identity federation using SAML
• SAML for Active Directory (Federation)
• Open ID Connect

Question 6

Access Key ID and Secret Access Key

Answer 6

• not the same as user name and pwd

- can only view access Key ID and secret access key once - if you lose them you must regenerate a new one

Question 7

Password rotations

Answer 7

• always want to set them up

Question 8

Inline policy

Answer 8

a policy that is attached to a single user or group

- typically used for one-off situations

Question 9

Managed policy

Answer 9

• can be shared by many users or groups

- when updated, all users or groups get updated automatically

Question 10

Explicit Deny ***

Answer 10

when you explicitly change a permission in the policy from Allow to Deny
- will override any allow that is granted to a user in any other policy***

Question 11

Implicit Deny

Answer 11

by default all permissions are implicitly denied until they are allowed in a policy (i.e. they don’t who up in the policy JSON)

Question 12

Policy JSON: EAR

Answer 12

E - Effect
A - Action
R - Resource