IAM Flashcards

1
Q

What can you attach permission boundaries to?

A

IAM users or roles. They cannot be attached to groups

2
Q

When is it useful to use Cognito Identity Pools for giving access to AWS resources?

A

Useful for users who are outside the scope of your organization and therefore are not in IAM, i.e. your web and mobile app users

3
Q

What is the billing advantage of using Organizations?

A

Consolidated billing across all the accounts (a single payment method)
Pricing benefit for aggregated usage (volume discounts)
Reserved Instances and Savings Plans discounts shared across accounts

4
Q

What are Service Control Policies?

A

SCPs can be used to control access to services at the organization/account level
They don't allow anything by default
If there is a deny/allow in the SCP of an OU, then all the children of that OU will inherit it

5
Q

What's the difference between having permissions through an IAM role and through a resource-based policy?

A

When you assume a role, you give up the original permissions related to your account. This doesn't happen with resource-based policies if they're explicitly allowing your account

6
Q

Can you attach a permission boundary to a group?

A

No, you can only attach them to users or roles

7
Q

Can you grant cross-account access to an S3 bucket with IAM?

A

No, you need to modify the bucket policy for that, or the ACL of the bucket

8
Q

A developer needs to implement a Lambda function in AWS account A that accesses an Amazon S3 bucket in AWS account B.

As a Solutions Architect, which of the following will you recommend to meet this requirement?

A

Create an IAM role for the Lambda function that grants access to the S3 bucket. Set the IAM role as the Lambda function’s execution role. Make sure that the bucket policy also grants access to the Lambda function’s execution role

If the IAM role that you create for the Lambda function is in the same AWS account as the bucket, then you don't need to grant Amazon S3 permissions on both the IAM role and the bucket policy. Instead, you can grant the permissions on the IAM role and then verify that the bucket policy doesn't explicitly deny access to the Lambda function role. If the IAM role and the bucket are in different accounts, then you need to grant Amazon S3 permissions on both the IAM role and the bucket policy. Therefore, this is the right way of giving access to AWS Lambda for the given use case.

9
Q

Which are some operations that can be done only by the root user, and not even by users with full admin privileges?

A

Change the account name, root password or root email; change the AWS support plan; close the AWS account; enable MFA Delete on S3; create a CloudFront key pair; register for GovCloud
