IAM, Accounts, and AWS Organizations Flashcards
What is a principal in the context of IAM?
An entity trying to authenticate to AWS (could be a user, an application, etc.)
What is a principal called after it’s authenticated?
Authenticated Identity
What is the purpose of an ARN?
A way to uniquely identify a resource in AWS
Does the ARN arn:aws:s3:::catgifs/* refer to the bucket catgifs?
NO - only the objects within the bucket
How many IAM users are allowed in each account?
5000
How many groups can an IAM user be in?
10
Is there a default “All users” IAM group in AWS?
NO
How many users can be in an IAM group?
5000 (effectively “unlimited” – but there is a hard limit on the number of IAM users per account)
⭐ Can groups be granted IAM access by an IAM resource policy?
NO
What is a Service Control Policy?
An access policy (similar to IAM) which can be attached to a member account in an AWS Organization (or to an Organizational Unit)
Can a Service Control Policy be attached to the Management Account?
NO
⭐ How can you find the CloudTrail events from IAM, a global service?
You must first configure a CloudTrail trail with global service events turned on in the us-east-1 region. Global events will flow there.
How long could it take for a CloudTrail event to appear in the logs?
Up to 15 minutes!
Are CloudTrail logs real-time?
No