IAM

Question 1

Users

Answer 1

mapped to a physical user, has a password for AWS Console

Question 2

Groups

Answer 2

Contain users only

Question 3

Policies

Answer 3

JSON document that outlines permissions for users or groups

Question 4

IAM Roles

Answer 4

for EC2 instances or AWS services

Question 5

Best user Security login practice

Answer 5

MFA + Password policy

Question 6

AWS CLI

Answer 6

Command line interface

Manage your AWS services using the command line

Question 7

AWS SDK

Answer 7

Software development kit

Manage your AWS services using a programming language

Question 8

Access keys

Answer 8

Access AWS using the CLI or SDK

Question 9

Credential reports

Answer 9

account level

A report that lists all your accounts users and the status of their various credentials

Question 10

Access advisor

Answer 10

• Access advisor shows the service permissions granted to a user and when those
  services were last accessed.
• You can use this information to revise your policies.

Question 11

IAM Best Practices

Answer 11

• Don’t use the root account except for AWS account setup
• One physical user = One AWS user
• Assign users to groups and assign permissions to groups
• Create a strong password policy
• Use and enforce the use of Multi Factor Authentication (MFA)
• Create and use Roles for giving permissions to AWS services
• Use Access Keys for Programmatic Access (CLI / SDK)
• Audit permissions of your account using IAM Credentials Report & IAM Access Advisor
• Never share IAM users & Access Keys