IAM Flashcards

1
Q

How are users, groups, policies and permissions related? And what about JSON?

A
  • Users or Groups can be assigned JSON documents called policies
  • These policies define the permissions of the users
  • In AWS you apply the least privilege principle: don’t give more permissions than a user needs
2
Q

Can multiple policies be associated with one IAM user?

A

Yes

3
Q

What's the format of the policy JSON?
What are the components of the policy, and what are the components of a "Statement"?

A
  • Consists of
    • Version: policy language version, always include "2012-10-17"
    • Id: an identifier for the policy (optional)
    • Statement: one or more individual statements (required)
  • Statements consist of
    • Sid: an identifier for the statement (optional)
    • Effect: whether the statement allows or denies access (Allow, Deny)
    • Principal: account/user/role to which this policy applies
    • Action: list of actions this policy allows or denies
    • Resource: list of resources to which the actions apply
    • Condition: conditions for when this policy is in effect (optional)
4
Q

Account and user inter-relation

A
5
Q

What can an IAM policy be applied to?

A
  • Identities
    • Users
    • Groups
    • Roles
  • Resources
    • S3 buckets
    • EC2 instances
    • DynamoDB tables
  • Services
    • Amazon SNS
    • Amazon SQS
    • Amazon RDS
6
Q

What things are considered identities?

A
  • AWS Account
  • IAM Users
  • IAM Roles
  • IAM Groups
  • Federated Users
  • AWS Services
7
Q

What's an ARN?

A

Amazon Resource Name

8
Q

What is a principal in AWS IAM?

A

In AWS, a principal is an entity that can make a request to AWS. Principals can be:
- IAM User
- IAM Role
- AWS Service
- AWS Account and root user
- Anonymous User
- Federated User Sessions

9
Q

What is an IAM user?

A

An IAM user is an identity created within an AWS account that represents an individual or application. IAM users have unique credentials and can authenticate themselves to access AWS services.

10
Q

What is an IAM role?

A

An IAM role is similar to an IAM user but doesn’t have permanent credentials. IAM roles are used to delegate access to AWS resources and are assumed by trusted entities, such as IAM users or AWS services, to obtain temporary security credentials.

11
Q

What is an AWS service?

A

Some AWS services act as principals to interact with other services and resources. For example, AWS Lambda functions, Amazon EC2 instances, and AWS Step Functions can assume IAM roles and perform actions on behalf of those roles.

12
Q

What is an AWS account?

A

An AWS account itself can be considered a principal. Policies can be attached to the AWS account to define permissions that apply globally across all resources in the account.

13
Q

What is an anonymous user?

A

In some cases, AWS resources can be publicly accessible to anonymous users without any authentication. Policies can be defined for anonymous users to control their access to specific resources.

14
Q

Who can assume a role?

A

IAM users, AWS services, or even identity federation systems.

15
Q

How can users access AWS?

A
  • AWS Management Console (protected by password + MFA)
  • AWS Command Line Interface (CLI): protected by access keys
  • AWS Software Development Kit (SDK) - for code: protected by access keys
16
Q

For each of these access methods, what is the principal?
  • AWS Management Console (protected by password + MFA)
  • AWS Command Line Interface (CLI): protected by access keys
  • AWS Software Development Kit (SDK) - for code: protected by access keys

A

to be done

17
Q

Name 2 IAM security tools and what they are used for.

A
  • IAM Credentials Report (account-level)
    • a report that lists all your account’s users and the status of their various credentials
  • IAM Access Advisor (user-level)
    • Access advisor shows the service permissions granted to a user and when those services were last accessed.
    • You can use this information to revise your policies.
18
Q

Can I have more than one principal in an IAM policy JSON?

A

No, in AWS IAM (Identity and Access Management), you cannot have more than one principal in a single IAM policy JSON. An IAM policy is associated with a single principal, which can be a user, a group, or a role. The principal represents the AWS entity (such as a user or a group) to which the policy applies.

19
Q

What is an IAM identity ?

A

An IAM identity represents a human user or programmatic workload, and can be authenticated and then authorised to perform actions in AWS.
- Users
- User Groups
- Roles

20
Q

Who can use an IAM role?

A

tbd

21
Q

What's the difference between an identity and a principal?

A

tbd