IAM, Accounts, and AWS Organizations

Question 1

what is a principal in the context of IAM?

Answer 1

An entity trying to authenticate to AWS (could be User, Application, etc)

Question 2

What is a principal called after it’s authenticated?

Answer 2

Authenticated Identity

Question 3

What is the purpose of ARN

Answer 3

a way to uniquely access a resource in aws

Question 4

does the ARN arn:aws:s3:::catgifs/* refer to the bucket catgifs?

Answer 4

NO - only the objects within the bucket

Question 5

How many IAM users are allowed in each account?

Answer 5

5000

Question 6

How main groups can an IAM user be in?

Answer 6

10

Question 7

Is there a default “All users” IAM group in aws?

Answer 7

NO

Question 8

How many users can be in an IAM group

Answer 8

5000 (effectively “unlimited” – but there is a hard limit on # of IAM users per account)

Question 9

⭐ Can groups be granted IAM access by an IAM resoure policy?

Answer 9

NO

Question 10

What is a Service Control Policy

Answer 10

An access policy (similar to IAM) which can be attached to member account in an aws organization (or Organizational Unit)

Question 11

Can a Service Control Policy be attached to the Management Account

Answer 11

NO

Question 12

⭐ How can you find the cloudtrail events from IAM, a global service?

Answer 12

You must first configure a cloudtrail trail with global events turned on in the us-east-1 region. Global events will flow here.

Question 13

how long could it take for a cloud trail event to appear in the logs?

Answer 13

up to 15 minutes!

Question 14

are cloudtrail logs realtime?

Answer 14

no

Question 15

how you ding

Answer 15

fine thanks!