IAM Flashcards
What does IAM stand for?
Identity and Access Management
True or false, IAM is a global service?
True
What should a root account be used for?
For AWS account setup only
Define User
People within your organisation that can be assigned to groups
True or false, a group can contain other groups?
False
True or false, users need to be assigned to groups?
False - however, it is bad practice to not assign users to groups
True or false, a user can belong to many groups?
True
What is an IAM policy?
JSON documents that define a set of permissions for making requests to AWS services, and can be used by IAM Users, User Groups, and IAM Roles.
What principle should you apply when assigning privileges?
Do not give more permissions than the user needs.
(Grant least privilege)
Define Group Policies
Policies applied to everyone in a group
Define Inline Policies
Policies applied to a specific user
What does an IAM Policy structure consist of? (x3)
- Version: policy language version
- ID: (Optional) Identifier for the policy
- Statement: One or more statements
What does an IAM policy statement consist of? (x6)
- SID: (Optional) Identifier for the statement
- Effect: Indicates whether the statement allows or denies access, value can be either “Allow” or “Deny”
- Principal: Account / user / role the policy is applied to
- Action: List of actions this policy allows or denies
- Resources: List of resources to which the actions are applied
- Conditions: (Optional) Conditions for which this policy is in effect
What can you do with IAM Password Policy? (x5)
- Specify minimum password length
- Require specific character types
- Allow all IAM users to change their passwords
- Require users to change their passwords (make passwords expire)
- Prevent password reuse
List Multi Factor Authentication Options (x4)
- Virtual MFA Devices
  – Google Authenticator
  – Authy
- Universal 2nd Factor (U2F) Security Key
  – YubiKey
- Hardware Key Fob MFA Device
  – Gemalto
- Hardware Key Fob MFA Device for AWS GovCloud (US)
  – SurePassID