IAM

Question 1

IAM

Answer 1

Identity and Access Management.

Global service.

Create users and assign to groups.

User doesn’t have to belong to a group.

User can belong to multiple groups.

Question 2

Group

Answer 2

Can only contain users, not other groups.

Question 3

Policies

Answer 3

Permissions defined in a JSON doc that a User or groups can be assigned.
User can also have multiple policies.
Users can inherit policies from the group they are in and inline policies.
Apply the least privilege principle = don’t give user/group more then they need

Question 4

Inline Policy

Answer 4

Policy that can only be attached to a user, not group.

Question 5

IAM Password Policy

Answer 5

Can set up policy that requires users to create pw with certain characters, length, etc.

Question 6

MFA

Answer 6

Multi-Factor Authentication.
pw & security device.

device options:
Virtual MFA Device = Google Authenticator
Harware Key Fob = physical device

Question 7

IAM Roles

Answer 7

permissions for specific services

Question 8

IAM Security Tools

Answer 8

can dl credential report to get info about users

Question 9

Root User

Answer 9

created by default upon setup, don’t use except for setup

Question 10

Shared Responsibility Model (IAM)

Answer 10

AWS = infrastructure, config, compliance
us = responsible for users, groups, policies, MFA, perms