IAM and AWS CLI Flashcards
Which region is IAM specific to?
None, it is a global service
True or False: IAM groups may contain other groups.
False, they may only contain users
What is the maximum number of groups a user can belong to?
Unlimited
Permissions can be assigned to a user or group through a _ document called a _
A JSON document called a policy
What are the 3 definitions that define an IAM policy?
- The policy language version (2012-10-17)
- Id (Optional)
- Statements
What are the 6 elements that define a statement in an IAM policy?
- Sid (Optional)
- Effect (Allow/Deny)
- Principal (Account/user/role the policy applies to)
- Action (List of actions the policy allows/denies)
- List of resources to which the actions can be applied
- Condition (Optional)
What are two different ways to protect users from being compromised?
- Password Policy
- MFA Policy
What are the 4 different MFA device options?
- Virtual MFA (phones)
- Universal 2nd Factor Security Key (U2F)
- Hardware Key Fob MFA Device
- AWS GovCloud Hardware Key
What are the 3 different options to access AWS?
- AWS Management Console
- AWS Command Line Interface (CLI)
- AWS Software Developer Kit (SDK)
What IAM feature is used to give permissions to AWS services to perform actions on your behalf?
IAM Roles
What tool can be used to generate a report on the permissions across your account’s users?
IAM Credential Report
What tool can be used to generate a report on the permissions for a given user?
IAM Access Advisor
What are 8 best practices for IAM?
- Don’t use the root account
- One physical user = One AWS user
- Assign users to groups and permissions to groups
- Strong password policy
- Enforce MFA
- Use roles to assign permissions to AWS services
- Use access keys for CLI/SDK access
- Never share IAM users or access keys