IAM Flashcards
1
Q
What are IAM, the root user, users and groups?
A
- IAM = Identity and Access Management
- Root account = created by default, shouldn’t be used or shared
- Users = people within an organization; a user can belong to 0 to * groups
- Groups = only contain users
2
Q
IAM: Permissions
A
- Users or Groups can be assigned policies
- policy = permissions of the users
- least privilege principle
- policy attached directly to a user (not at group level) = inline policy
3
Q
How to protect Root Accounts and IAM users?
A
- strong password and Multi Factor Authentication (MFA)
4
Q
How can users access AWS?
A
- AWS Management Console
- AWS Command Line Interface (CLI)
- AWS Software Developer Kit (SDK)
- CLI and SDK protected by access keys
5
Q
IAM Roles for Services
A
- for actions on your behalf -> permissions to AWS services with IAM Roles (e.g. EC2, Lambda, CloudFormation)
6
Q
IAM Security Tools (Audit)
A
- IAM Credentials Report (account-level)
- IAM Access Advisor (user-level)
7
Q
IAM Guidelines & Best Practices
A
- One physical user = One AWS user
- Assign users to groups and assign permissions to groups
- strong password policy
- MFA
- Roles for giving permissions to services
- Never share IAM users & Access Keys
8
Q
Shared Responsibility Model for IAM
A
- AWS = Infrastructure, Configuration, vulnerability analysis, Compliance
- Customer = IAM, MFA and Permissions