IAM Identity and Access Management

Question 1

What are users?

Answer 1

People within the org, can be organised in groups

Question 2

What do Groups contain?

Answer 2

Only users, can’t contain groups

Question 3

What format is a policy expressed in?

Answer 3

JSON

Question 4

What do policies define?

Answer 4

User Permissions

Question 5

What is the high level policy structure

Answer 5

Version (policy language version)
ID (optional id for the policy)
Statement (one or more individual statements)

Question 6

What does a policy Statement Consist of?

Answer 6

SID - identifier for the statement
Effect - can be Allow or Deny
Principle - who the policy applies to
Action - list of actions that the policy allows or denies (eg. s3:GetObject)
Resource - The resources to which the policy applies (e.g arn:aws:s3:::mybucket/*)
Condition: conditions in which the policy is in effect.

Question 7

How can users access AWS

Answer 7

AWS Mgt Console : password and MFA
AWS CLI: access keys
AWS SDK: access keys

Question 8

What are IAM Roles

Answer 8

These are permissons for services
eg
EC2 Instance Roles
Lambda Function Roles
Roles for CloudFormation

Question 9

What tool lists all your accounts users and the status of their various credentials?

Answer 9

IAM Credentials Report (account-level)

Question 10

What tool shows the service permissions granted to a user and when those services were last accessed?

Answer 10

IAM Access Advisor (can be used to revise your policies)