IAM & AWS CLI Flashcards
IAM =
Identity And Access Management - Global service
Do users have to belong to a group?
No. But it’s not best practice
Should you use the root account that is created by default?
No.
Users are people within your organization, and can be grouped. True or False.
True
Groups can only contain users, not other groups?
True
Users or Groups are assigned JSON documents called?
Policies
What do policies do?
They define the permissions of the users
What is the “least privilege principle”?
Don’t give more permissions than a user needs
How does a User inherit a policy?
Attach a policy to that user’s group.
Who can have an inline policy?
Individual users.
Features:
- Set a minimum password length
- Require specific character types, including uppercase letters, lowercase letters, numbers, and non-alphanumeric characters
- Allow IAM users to change their own passwords
- Require users to change their password after some time (password expiration)
- Prevent password re-use
Password policies that can be set.
Three ways to access AWS?
- AWS Management Console (protected by password + MFA)
- AWS Command Line Interface (CLI): protected by access keys
- AWS Software Development Kit (SDK) - for code: protected by access keys
How are access keys generated?
Through the AWS Console
How are keys managed?
By user
What is AWS CLI?
A tool that allows you to interact with the AWS services using commands in your command-line shell.
How can you get direct access to the public APIs of your AWS services?
AWS CLI
Where can you develop scripts to manage your resources?
AWS CLI
What is an alternative to using the AWS CLI?
AWS Management Console
AWS SDK =
AWS Software Development Kit
What is the purpose of the AWS SDK?
Enables you to access and manage your AWS services programmatically
What is embedded within your application?
AWS SDK
What is AWS CloudShell?
Alternative to using the terminal
What are IAM Roles?
Similar to IAM Users but specifically designed for AWS services to perform actions on your account, not for direct use by individuals.
What is created to assign necessary permissions to AWS services, enabling them to act on your behalf within your AWS account?
IAM Roles
What grants permissions to execute tasks within AWS?
IAM Roles
What is the IAM Credentials Report (account-level)?
A report that lists all your account’s users and the status of their various credentials.
IAM Access Advisor (user-level)
Shows the service permissions granted to a user and when those services were last accessed
What tool can you use to gather information to revise your policies?
IAM Access Advisor (user-level)
Don’t use a root account except when you set up your AWS account?
True
Where should security be managed?
At the group level.
How do you assign permissions to users?
Assign users to groups and assign permissions to groups
How can you audit account permissions?
IAM Credentials Reports & IAM Access Advisor
What is the difference in responsibility between the user and AWS?
AWS is responsible for all the infrastructure
User is responsible for how that infrastructure is used.