IAM Flashcards
IAM is a global service. True or false?
True
It is best practice to assign a user to a group, and not to assign individual permissions to the user. True or false?
True
What is a user in IAM?
An object created to represent an identity. It could be an actual person, or it could be an account used by the app.
Can IAM users be created via command line?
Yes
What’s the size and type of string used for an IAM access key?
20 characters, alphanumeric.
True or false. You can recover a lost secret access key?
False. Once it’s gone, it’s gone!
How many groups can a user be part of?
10
Default group limit per AWS account?
200
IAM secret access keys. How long are they?
40 characters.
What format are IAM policies in?
JSON
In the context of an IAM policy, what is a SID?
Statement Identity. It’s unique to the policy.
What are the two types of managed IAM policies?
Managed Policies
Inline Policies
There are two types of IAM managed policies.
AWS managed policies
Customer managed policies
Explain IAM inline policies
Policies that attach directly to an IAM project
What happens if you have conflicting IAM inline policies, where one policy allows access to a resource and another denies it?
Access will be denied.
What is IAM identity federation?
Allows you to access resources, even if you don’t have an IAM account
What does IdP mean?
Identity Provider
How does identity federation grant access?
Either via OpenID or SAML2
What does STS mean?
Secure token service
You need to apply a password policy to your AWS account. How do you do this?
IAM account settings
You need to prove your AWS account is compliant with your company's password policy. How might you do this?
Run off a credential report from IAM.
How often does the IAM credential report update?
Every four hours.
In IAM, does the order in which policies are evaluated affect the outcome?
No.
True or false. In IAM, all requests are allowed by default.
False.
In IAM, if a policy explicitly denies a request, can it be overridden?
No
Name two IAM best practices for providing an additional layer of protection for user identity verification.
Strong password policies
2FA
True or false. IAM roles should always be favoured over access keys.
True
Are roles considered temporary?
Yes