IAM Flashcards

1
Q

IAM?

A

+ Identity and Access Management
+ It is a GLOBAL service in AWS.

(page 40)

2
Q

Root User?

A

The principal user created by default with an AWS account; it has all rights to work with IAM and AWS.

(page 40)

3
Q

Users?

A

Logical entities that represent users in the organization, and must be created with the Root user.
They may or may not be grouped.
They may or may not belong to a group.

(page 40)

4
Q

Group?

A

A logical entity that only contains users.

page 40

5
Q

User or Groups?

A

Can be assigned permissions through JSON documents called Policies.

(page 41)

6
Q

Policy?

A

Defines the permissions of users.

(page 41)

7
Q

Least Privilege Principle?

A

Don’t GRANT more than the user needs; grant as few permissions as possible.

(page 41)

8
Q

INLINE Policy?

A

A policy assigned to a User that has no group.

page 42

9
Q

Parts of Policy (JSON Doc)?

A
  1. Version. Date of the policy
  2. ID. Custom and unique name.
  3. Statement. Individual statements of the policy

(page 43)

10
Q

Statement Policy?

A
  1. SID. Id of the statement
  2. Effect. How the policy works: Allow or Deny
  3. Principal. Account, user, or role to which this policy is applied.
  4. Action. List of features in the service on which the policy is in effect.
  5. Resource. The list of resources (user or role) on which the policy is in effect.
  6. Condition. Condition under which the policy is in effect.

(Page 43)

11
Q

IAM Password Policy?

A

Set of rules that defines how IAM passwords must be created and handled.

(Page 44)

12
Q

MFA?

A

+ Multi-Factor Authentication
+ The mechanism which complements the password of an account with a security device

(Page 45)

13
Q

Virtual MFA Device?

A

Authenticator app installed on a mobile device

14
Q

Security key?

A

Authenticate by touching a hardware security key

15
Q

Three ways to access AWS?

A

+ AWS Management Console.
+ AWS Command Line Interface (CLI)
+ SDK / API.

16
Q

Which access type uses Password and MFA?

A

AWS Management Console

17
Q

Which access types use the Secret Key?

A

AWS CLI and AWS SDKs

18
Q

What are Access Keys composed of?

A
  1. Access Key ID, which is like a username.
  2. Secret Access Key, which is used like a password.

(Page 48)

19
Q

How to configure AWS CLI?

A

$ aws configure

20
Q

How to list all the IAM users in AWS CLI?

A

$ aws iam list-users

21
Q

IAM Roles for Services?

A

+ Specific permissions that can be assigned to an entity such as an AWS service
+ The credentials are temporary.

(Page 52)

22
Q

IAM Credentials Report and IAM Access Advisor are part of?

A

IAM Security Tools

Page 53

23
Q

What is the level of the IAM Credentials Report?

A

Account Level

Shows all the users and the status of their credentials.

(Page 53)

24
Q

What is the level of IAM Access Advisor?

A

User Level

Shows the detail of the user permissions and when the credential has been accessed.

(Page 53)

25
Q

Best Practices of IAM?

A
  1. Don’t Use Root User except for Setting Up.
  2. One AWS Account = One Physical User
  3. Use Groups
  4. Use Strong Password Policies.
  5. Use Multi-Factor Authentication (MFA)
  6. Create Roles for AWS Services.
  7. Create Access Permissions for CLI and SDK
  8. Audit Permissions with IAM Credential Reports

(Page 54)

26
Q

Shared Responsibility Model for IAM

A

AWS: Is responsible for the infrastructure and its local security.
YOU: Are responsible for applying all the best practices.

(Page 55)

27
Q

User?

A

Mapped to a physical user; has a password for the AWS Console.

Page 56

28
Q

Groups?

A

Contains users.

Page 56

29
Q

Policies

A

Permissions for users and groups, on a JSON document.

Page 56

30
Q

Security?

A

Password Policy + MFA

Page 56

31
Q

AWS CLI?

A

Command Line Interface for AWS, which uses Access Keys.

Page 56

32
Q

AWS SDK?

A

Software Development Kit for managing AWS services; uses Secret Keys.

(Page 56)

33
Q

Secret Keys?

A

Access Key ID ~= ID
Secret Access Key ~= Password

(Page 56)

34
Q

Audit?

A
Credential Reports (Account Level)
IAM Access Advisor (User Level)

(Page 56)

35
Q

Roles?

A

For EC2 instances or AWS Services

Page 56

36
Q

In this Policy, what is the function of the Condition element?

```json
{
  "Version": "2012-10-17",
  "Id": "cd3ad3d9-2776-4ef1-a904-4c229d1642ee",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::BUCKET-NAME",
      "Condition": {
        "StringLike": {
          "s3:prefix": [
            "",
            "home/",
            "home/${aws:username}/"
          ]
        }
      }
    }
  ]
}
```

A

Lets you specify conditions for when a policy is in effect

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html

37
Q

In this Policy, what is the function of the Action element?

```json
{
  "Version": "2012-10-17",
  "Id": "cd3ad3d9-2776-4ef1-a904-4c229d1642ee",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::BUCKET-NAME",
      "Condition": {
        "StringLike": {
          "s3:prefix": [
            "",
            "home/",
            "home/${aws:username}/"
          ]
        }
      }
    }
  ]
}
```

A

Defines what services will be affected by the Effect element (Allow/Deny).

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elem

38
Q

In this Policy, what is the function of the Effect element?

```json
{
  "Version": "2012-10-17",
  "Id": "cd3ad3d9-2776-4ef1-a904-4c229d1642ee",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::BUCKET-NAME",
      "Condition": {
        "StringLike": {
          "s3:prefix": [
            "",
            "home/",
            "home/${aws:username}/"
          ]
        }
      }
    }
  ]
}
```

A

The Effect element is required and specifies whether the statement results in an allow or an explicit deny. Valid values for Effect are Allow and Deny.

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elem

39
Q

In this Policy, what is the function of the Resource element?

```json
{
  "Version": "2012-10-17",
  "Id": "cd3ad3d9-2776-4ef1-a904-4c229d1642ee",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::BUCKET-NAME",
      "Condition": {
        "StringLike": {
          "s3:prefix": [
            "",
            "home/",
            "home/${aws:username}/"
          ]
        }
      }
    }
  ]
}
```

A

The Resource element specifies the object or objects that the statement covers.

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elem

40
Q

What is the function of Principal in a policy statement?

A

Use the Principal element in a resource-based JSON policy to specify the principal that is allowed or denied access to a resource.

```json
"Principal": { "AWS": "arn:aws:iam::123456789012:root" }
```

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elem