IAM - Identity and Access Management Flashcards
What is IAM?
Identity and Access Management, a global AWS service
Is the root account part of IAM?
No
Who can be a user?
People within the organization.
Can a group contain another group?
No, it can only contain users.
Is it a must for a user to be part of any group?
No, inline policies can be applied.
Can a user be part of multiple groups?
Yes, it can.
What are IAM Permissions?
Policies defined for users or groups.
What are IAM policies?
A JSON document that lists the access allowed or denied for different services.
What is the Permission best practice?
The least privilege principle: do not give more permission than a user needs.
How can you add permissions to a user without groups?
With inline policies.
What is the structure of an IAM Policy?
- Version: policy language version
- Id: policy id, optional
- Statement: one or more individual statements, required
What does a Policy Statement consist of?
- Sid: statement id, optional
- Effect: whether the statement allows or denies access (Allow, Deny)
- Principal: account/user/role to which this statement applies
- Action: list of actions this statement allows or denies
- Resource: list of resources to which the actions apply
- Condition: conditions for when this statement is in effect, optional
What password policies can be set in IAM?
- Set minimum password length
- Require specific character types:
  1. uppercase letters
  2. lowercase letters
  3. numbers
  4. non-alphanumeric characters
- Allow all IAM users to change their own passwords
- Require users to change their password after some time (password expiration)
- Prevent password reuse
What is MFA?
MFA = a password you know + a security device you have
If the password is stolen or hacked, the account is still not compromised.
What are the MFA options in IAM?
- Virtual MFA devices: Google Auth, Authy, etc. => multiple tokens on a single device
- Universal 2nd Factor Security Key (U2F) => multiple root and IAM users can share a single security key
- Hardware TOTP token