IAM Flashcards

1
Q

What is an IAM User?

A

Identities used for anything that requires long-term AWS access
Ex: humans, applications or service accounts

2
Q

Limits on the number of IAM Users

A

5000 IAM Users per Account
1 IAM User can belong to 10 Groups

3
Q

IAM User is authenticated by what?

A
  • Username & Password (+MFA)
  • Access Key (CLI, SDK)
4
Q

IAM User is authorized for access based on what?

A

IAM policy
Attached or embedded in IAM User

5
Q

IAM Users should not be used for…

A
  • Internet-scale app
  • Large organizations
6
Q

What is IAM Group?

A

Collection of related IAM Users

7
Q

When to use IAM Group?

A
  • Used for organizing IAM Users
  • Cannot contain other Groups
8
Q

Limits on the number of IAM Groups

A
  • 300 IAM Groups per Account
  • Can be increased
9
Q

IAM Group isn’t a true identity, therefore…

A

… cannot be referenced by a Resource policy

10
Q

When to use IAM Role?

A
  • Uncertain number of principals
  • Need access in a short period of time
11
Q

IAM Role is a true identity, therefore…

A

… can be referenced by a Resource policy

12
Q

What are Temporary Security Credentials?

A
  • Generated by Security Token Service
  • Assigned to the principal who is assuming the Role
  • Has expiration
  • Affected by Permission policy
13
Q

What is the effect of a Trust Policy?

A

Controls which identities can assume the Role

14
Q

What is the effect of a Permission Policy?

A

Controls which resources the Role can access; also called Identity Policy

15
Q

Difference between Service-linked Role and IAM Role

A

Service-linked Role cannot be deleted manually while the service is in use

16
Q

What is IAM Policy?

A
  • Sets of security statements
  • Grant or deny access to AWS products for an identity
17
Q

What is Sid in IAM Policy?

A
  • Statement ID
  • Describes what the statement does
  • Optional, recommended
18
Q

Example of Action in IAM Policy?

A
  • "Action": "ec2:StartInstances"
  • "Action": "s3:GetObject"
  • "Action": "s3:*"
19
Q

Example of overlapped IAM Policy Statements

A

The 1st statement Allows full access to an S3 bucket, but the 2nd statement Denies access to its internal buckets

20
Q

Priority if the IAM Policy Statements are overlapped

A

Explicit Deny, then Explicit Allow, then Implicit Deny (default)

21
Q

IAM Policy Types

A
  • Managed Policy (recommended: reusable, low management overhead)
  • Inline Policy (used for special cases)