IAM & AWS CLI

Question 1

What is the main benefit of multi factor authorization (MFA)?

Answer 1

If a password is stolen or hacked, the account is not compromised

Question 2

What are the MFA devices option in AWS?

Answer 2

• Virtual MFA device (support for multiple tokens on a single device)
• UF2 Universal 2nd Factor Security Key (support for multiple root and IAM users using a single security key)
• Hardware Key Fob (3rd Party)
• Hardware Key Fob for AWS GovCloud (3rd party)

Question 3

Should you share Access Keys?

Answer 3

No. AK are secret, just like a password. Because colleagues can generate their own AK as well.

Question 4

How can users access AWS?

Answer 4

• AWS Management Console (protected by password + MFA)
• AWS Command Line Interface (CLI) (protected by access keys)
• AWS Software Developer Kit (SDK) (for code. Protected by access keys)

Question 5

What can you do with AWS CLI?

Answer 5

• Direct access to the public APIs of AWS services
• Develop scripts to manage your resources
• It’s open-source
• Alternate to using AWS Management Console

Question 6

What is AWS CLI?

Answer 6

A tool that enables you to interact with AWS services using commands in your command-line shell

Question 7

What is AWS SDK?

Answer 7

A tool that enables you to access and manage AWS services programmatically

Question 8

What is an API?

Answer 8

Mechanisms that enable two software components to communicate with each other using a set of definitions and protocols.

Question 9

What does API stand for?

Answer 9

Application Programming Interface

Question 10

What is AWS CloudShell?

Answer 10

A browser based, pre authenticated shell that you can launch directly from the AWS Management Console.

Question 11

What is an IAM role?

Answer 11

A secure way to grant permissions to entities that you trust

Question 12

What are common IAM Roles?

Answer 12

• EC2 Instance Roles
• Lambda Function Roles
• Roles for CloudFormation

Question 13

What security tools can you use in IAM?

Answer 13

• IAM Credentials Report (account-level)

* IAM Access Advisor (user-level)

Question 14

What is IAM Credentials Report?

Answer 14

Audits all users

Question 15

What is IAM Access Advisor?

Answer 15

Audits specific users

Question 16

Never share ___ users or ______ Keys

Answer 16

IAM - Access

Question 17

What security tool should you use to audit permissions of your account?

Answer 17

IAM Credentials Report

Question 18

Use ______ ____ for Programmatic Access (CLI/SDK)

Answer 18

Access Keys

Question 19

Create and use _____ for giving permissions to AWS services

Answer 19

Roles

Question 20

Don’t use the ____ _______ except for AWS account setup

Answer 20

Root account

Question 21

Assign users to ______ and assign ___________ to groups

Answer 21

Groups - Permissions

Question 22

What are IAM Policies?

Answer 22

JSON documents that outlines permissions for users or groups

Question 23

Roles are given to..

Answer 23

EC2 instances or AWS services

Question 24

Groups contain _____ only.

Answer 24

Users

Question 25

Access Keys are used to access what?

Using what?

Answer 25

AWS

CLI or SDK

Question 26

How do IAM users access AWS services?

Answer 26

By using their own credentials (username/password or Access Keys)

Question 27

For everyday task, use an ___ _____.

Answer 27

IAM user

Question 28

IAM User Groups can only contain (blank)

Answer 28

IAM users.

Question 29

A statement in an IAM Policy consists of what? (6)

Answer 29

• Sid (Statement ID)
• Effect
• Principal
• Action
• Resource
• Condition