IAM Flashcards
IAM is regional
T or F
false
it is universal
T or F
the root account is created when you first set up your AWS account
T
T or F
Users have full access when new user created
False
They have no access
New users are assigned Access key and secret ID when they are first created
T or F
True
access key and secret key are the same as a pw and can be used to log into the console, cli, and api
false, they are not the same as a pw and cannot be used to log into the console.
they are used for cli and api
Roles are universal - they can be used in any region
t or f
T
roles can be assigned to an EC2 instance after it is created, using both the console and the CLI
T or F
T
what is aws directory service?
family of managed services
connect aws resources with on prem AD
standalone directory in the cloud
use existing corporate credentials
SSO to any domain joined EC2 instance
simple AD
standalone managed directory
basic AD features
small (<= 500 users); large (<= 5,000 users)
easier to manage ec2
linux workloads that need LDAP
does not support trusts (can't join on-premises AD)
AD connector
directory gateway (proxy) for on-prem AD
avoid caching info in the cloud
allow on prem users to log into aws using AD
join ec2 instances to your existing AD domain
scale across multiple AD connectors
cloud directory
directory based store for developers
multiple hierarchies with hundreds of millions of objects
use cases: org charts, course catalogs, device registries
fully managed service
AD compatible services:
managed MS AD
AD connector
simple AD
t or f
t
non AD compatible
cloud directory
cognito user pools
t or f
t
arrange the order for an ARN beginning
account_id
partition
arn
service
region
arn:partition:service:region:account_id:
IAM policies
not explicitly allowed == implicitly denied
t or f
t