IAM - Identity Access Manager

Question 1

IAM Policies

Answer 1

Identity policies are type of policies that get attached to AWS identities and either ALLOW or DENY access to AWS resources.

Identities are
1. IAM Users
2. IAM groups
3. IAM Roles.

Question 2

IAM policies or Identity Policy.

Answer 2

It is a set of security statements to AWS

Question 3

IAM Policy Document

Answer 3

It is a JSON file, which has one or more statements

Question 4

Structure of Statement

Answer 4

Statement : [
{
“sid” : “FullAccess”,
“Effect” : “Allow”,
“Action” : “[“s3:”],
“Resource” : []
},
{
“sid” : “DenyCatBucket”,
“Effect” : “Deny”,
“Action” : “[“s3:”],
“Resource” : [“arn:aws:s3:::catgifs”, “arn:aws:s3:::catgifs/] – list with aws resources it should be in ARN (amazon resource name format )
},

Question 5

How does aws handle overlapping permissions.

Answer 5

If there is an overlap with the effect, deny takes the priority over allow.
if there is no effect defined then it is implicitly denied.

Question 6

AWS policy Priority of granting access to resources

Answer 6

Here is the priority details

1.Explicit DENY
2.Explicit ALLOW
3.IMPLICIT DENY.

Question 7

Types of Policy

Answer 7

Inline policy
- Use this for Special or Exceptional allow or Deny
managed policy - these are good for 2 main reasons
- Reusable
- low management overhead

Question 8

There are two types of managed policies

Answer 8

AWS and custom manage policy.

Question 9

What is an ARN

Answer 9

Amazon Resource Name - Uniquely identifies resources within any AWS accounts.

Question 10

ARN format

Answer 10

arn:partition:service:region

Question 11

Max number of IAM user accounts

Answer 11

500 IAM users per account

Question 12

IAM user can be member of how many groups

Answer 12

10 groups