IAM & AWS CLI

Question 1

3 options to access AWS

Answer 1

1. CLI (Command Line Interface)
2. SDK (Software Dev Kit)
3. Management Console

Question 2

How do you create access keys?

Answer 2

AWS Console

Question 3

Are Access Keys managed by AWS or the User?

Answer 3

User

Question 4

What is the AWS CLI?

Answer 4

Its the command line interface which allows you to interact with AWS cervices using commands.

Question 5

What is the AWS CLI?

Answer 5

Its the command line interface which allows you to interact with AWS cervices using commands.

Question 6

Does the CLI have direct access to public APIs of AWS services?

Answer 6

Yes

Question 7

Can you develop scripts to manage your resources using the AWS CLI?

Answer 7

Yes

Question 8

What is AWS SDK?

Answer 8

Software Development Kit

Question 9

What is SDK made of?

Answer 9

Language-specific APIs (set of libraries)

Question 10

What does SDK lets you do?

Answer 10

Enables you to access and manage AWS services programmatically

Question 11

Is SDK embedded within your application?

Answer 11

Yes

Question 12

SDK Example?

Answer 12

CLI is built on AWS SDK for Python

Question 13

What is CloudShell?

Answer 13

It is a terminal in cloud of AWS - Works by Region

Question 14

What do AWS services need to perform actions on your behalf?

Answer 14

IAM Roles for Services

Question 15

What are IAM roles used by?

Answer 15

AWS Services

Question 16

Example

Answer 16

You have an EC2 instance that needs access to an AWS service. To do that, you assign an IAM role to the EC2 instance.

Question 17

What are some Common Roles for IAM?

Answer 17

1. EC2 instance Roles
2. Lambda Function Roles
3. Roles for CloudFormation

Question 18

How many Security Tools does IAM have?

Answer 18

Two

Question 19

What are the IAM Security Tools called?

Answer 19

1. IAM Credentials Report (account - level)
2. IAM Access Advisor (user - level)

Question 20

What does the AIM Credentials Report IAM tool do?

Answer 20

Generates a report that lists all account users and status of their credentials

Question 21

What does the Access Advisor IAM tool do?

Answer 21

Shows the service permissions granted to a user and when those services were last accessed.

Question 22

Which IAM tool can you use to revise your policies?

Answer 22

Access Advisor IAM tool

Question 23

What IAM tool do you use to see when a service was last accessed by a specific user?

Answer 23

Access Advisor IAM tool

Question 24

When using Access Advisor, what can you do if you see that some services were never accessed by a user?

Answer 24

Remove their permission to that service

Question 25

True/False - Use Root account only for AWS account Setup

Answer 25

True

Question 26

Is one physical user = One AWS user?

Answer 26

Yes

Question 27

Can you assign users to groups and permissions to groups?

user -> group then permission -> group

Answer 27

Yes

Question 28

What should u use when giving permissions to AWS services?

Answer 28

Roles

Question 29

If you want to use CLI or SDK (programmatic access, what should you create and use?

Answer 29

Access Keys

Question 30

If you want to use CLI or SDK (programmatic access, what should you create and use?

Answer 30

Access Keys

Question 31

How can you audit permissions to your account?

Answer 31

IAM Credentials Report & IAM Access Advisor

Question 32

What should Groups contain?

Answer 32

Users

Question 33

What are policies made out of?

Answer 33

jSON files that outline permissions for users or groups

Question 34

To assign permissions within AWS to EC2 instances or AWS services you need what?

Answer 34

To assign Roles

Question 35

How can you enforce security to users?

Answer 35

1. MFA
2. Password Policy

Question 36

What are Access Keys used for?

Answer 36

To access AWS using CLI or SDK