IAM

Question 1

Main components of IAM Service

Answer 1

User

Group

IAM Role

MFA

IAM Policy

API keys (Programmatic access)

Question 2

User account

Answer 2

Assigned to a service or

Individual

Question 3

How to configure what a users is allowed to do within AWS?

Answer 3

Creating an IAM Policy and attach it to a USer.

It could be done directly or through a group

Another way is with a role

Question 4

What is an IAM User?

Answer 4

An entity which represents:

* a person

* a service

Question 5

What can be assigned to an IAM user?

Answer 5

An access key

A password for access to the management console

Question 6

What is an access key?

Answer 6

Is an ID and a secret access key for programmatic access to the AWS API, CLI, SDK

Question 7

Best practices for the root accounts:

Answer 7

Don’t use the root users credentials

Don’t share the root users credentials

Create an IAM user and assign administrative permissions as required

Enable Multi-Factor Authentication for it

Question 8

How many users can you have per AWS account?

Answer 8

5000

Question 9

What is ARN?

Answer 9

Amazon Resource Name which uniquely identifies the user across AWS

Question 11

What are IAM Groups?

Answer 11

Collections of users and have policies attached to them

Question 12

What are the groups for?

Answer 12

Assign permissions to users

Question 13

Who does assume the roles?

Answer 13

Another entity

Question 14

What are IAM Policies?

Answer 14

Documents that define permissions and can be applied to users, groups and roles

Question 15

When you have several policies which one is applied?

Answer 15

The mos restrictive policy

Question 16

What is the policy simulator?

Answer 16

A toolto help you understand, test, and validate the effects of access control policies

Question 17

What is an MFA?

Answer 17

Something you know (pwd)

Something you have (token)

Something you are

Question 18

Who is MFA in AWS?

Answer 18

A password

Virtual MFA or Phisical MFA

Question 19

What is Security Token Service (STS)?

Answer 19

Is a web service that enables you to request temporary, limited-privilege credentials for IAM users or for users that you authenticate (federated users)

Question 20

IAM Best Practices

Answer 20

Lock away the AWS root users access keys

Create individual IAM users

Uses AWS defined policies to assign permissions whenever possible

use groups to assign permissions to IAM users

Grant least privilege

Uses access levels to review IAM permissions

Configure a strong password policy for users

Use roles for applicatiosn that run on AWS EC2 instances

Delegate by using roles instead of sharing credentials

Rotate credentials regularly

Remove unnecessary credentials

use policy conditions for extra security

Monitor activity in your AWS account

Question 21

IAM Bestpractices (2)

Answer 21