IAM - Identity and Access Management Flashcards
What are the 4 security components of IAM?
Users, Groups, Roles and Policies
What 2 things should you not do with your root account? Mention an exception.
Use it or share it.
Exception: the initial account setup.
IAM Users must be created with [2]
proper permissions
IAM policies are written in []
JSON
An IAM user is usually [3]
a physical person
IAM groups are frequently used to group based on [2]
Functions (admins, devops) and Teams (engineering, design)
IAM groups contain []
IAM users
An IAM role is for use []
internally, by AWS resources (machines such as EC2 instances), which assume the role and receive temporary credentials instead of a person's long-term keys
An IAM policy defines what [7] do
Users, Groups and Roles can and cannot
What is IAM's visibility?
global (IAM is not tied to a region; users, groups, roles and policies apply to the whole account)
IAM Permissions are governed by []
policies
You can set up [] on IAM to increase security
MFA (multi-factor authentication)
IAM has predefined [2]
managed policies (AWS managed policies that you attach instead of writing your own)
What is the recommended amount of permission to give users?
the minimum they need to perform their job (principle of least privilege)
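The cards on policies being JSON, on a policy stating what users, groups and roles can and cannot do, and on least privilege are easiest to understand with a concrete document. The following is an added example, not from the flashcards and not AWS code: a constructed least-privilege policy for a single S3 bucket (the bucket name example-reports is made up), plus a small Python evaluator that applies IAM's decision order (an explicit Deny always wins, then any matching Allow, otherwise the request is implicitly denied). The evaluator is an illustration only: it implements IAM wildcards and the Bool/BoolIfExists condition used here, not the full condition language.

```python
import fnmatch
import json

# Constructed least-privilege policy (added example). The bucket name is made up.
POLICY_JSON = r'''
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadReports",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-reports",
                   "arn:aws:s3:::example-reports/*"]
    },
    {
      "Sid": "WriteOwnPrefixOnly",
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-reports/uploads/*"
    },
    {
      "Sid": "DenyEverythingWithoutMFA",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}
    }
  ]
}
'''
POLICY = json.loads(POLICY_JSON)


def _as_list(value):
    # IAM accepts a single string or a list in Action/Resource.
    return value if isinstance(value, list) else [value]


def _matches(patterns, candidate, case_insensitive=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    patterns = _as_list(patterns)
    if case_insensitive:
        candidate = candidate.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(candidate, p) for p in patterns)


def _condition_holds(condition, context):
    # Only Bool and BoolIfExists are implemented (enough for the MFA rule).
    # BoolIfExists: a missing context key satisfies the condition, which is
    # what makes the Deny bite for long-term access keys (no MFA key at all).
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            if key not in context:
                if operator == "BoolIfExists":
                    continue
                return False
            if str(context[key]).lower() != str(expected).lower():
                return False
    return True


def evaluate(policy, action, resource, context=None):
    """Return 'Allow' or 'Deny' for one request using IAM's decision order:
    explicit Deny beats everything, then any matching Allow, else implicit Deny."""
    context = context or {}
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if not _matches(stmt["Action"], action, case_insensitive=True):
            continue  # action names are case-insensitive in IAM
        if not _matches(stmt["Resource"], resource):
            continue  # ARNs are case-sensitive
        if "Condition" in stmt and not _condition_holds(stmt["Condition"], context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else "Deny"


if __name__ == "__main__":
    mfa = {"aws:MultiFactorAuthPresent": True}
    obj = "arn:aws:s3:::example-reports/q1.csv"
    print(evaluate(POLICY, "s3:GetObject", obj, mfa))     # Allow
    print(evaluate(POLICY, "s3:GetObject", obj))          # Deny: no MFA key at all
    print(evaluate(POLICY, "s3:PutObject", obj, mfa))     # Deny: outside uploads/
    print(evaluate(POLICY, "s3:DeleteObject", obj, mfa))  # Deny: never allowed
```

The third statement is the usual way to make MFA mandatory for everything a principal does: with BoolIfExists the Deny also applies to calls made with plain access keys, where the aws:MultiFactorAuthPresent key is absent, which a plain Bool condition would let through.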
What is IAM Identity Federation used for?
Big enterprises use it to integrate their own user directory with IAM, so that people log in to AWS with their company credentials instead of separate IAM users
IAM Identity Federation uses the [] standard
Security Assertion Markup Language (SAML) standard
Active Directory (through AD FS) is one of the most common identity providers that speaks this standard
1 IAM User per [2]
physical person
1 IAM Role per []
application
Never use IAM credentials in []
code
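For the card above, the practical counterpart is a check that catches a hard-coded key before it reaches version control. The following is an added example, not from the flashcards: a Python scanner for the two halves of a long-term IAM credential, an access key ID (AKIA prefix, or ASIA for temporary keys) and a 40-character secret assigned to a variable named like a secret key. The two snippets it runs over are constructed; the credential values in the bad one are the placeholder values from the AWS documentation (AKIAIOSFODNN7EXAMPLE and wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY), not live keys.

```python
import re

# Access key ID: AKIA (long-term) or ASIA (temporary) followed by 16 upper-case
# alphanumerics. Secret access key: 40 base64-like characters; only flagged when
# assigned to something named like a secret key, to keep false positives down.
ACCESS_KEY_ID_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
SECRET_KEY_RE = re.compile(
    r"(?i)(?:aws)?_?secret(?:_access)?_?key\s*[:=]\s*['\"]?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)


def find_hardcoded_credentials(source, filename="<stdin>"):
    """Return (filename, line_no, kind, value) for every credential-looking literal."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for m in ACCESS_KEY_ID_RE.finditer(line):
            findings.append((filename, line_no, "access_key_id", m.group(1)))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append((filename, line_no, "secret_access_key", m.group(1)))
    return findings


# Constructed snippets. The credential values below are the placeholders used
# in the AWS documentation, not real keys.
BAD_SNIPPET = '''\
import boto3
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
s3 = boto3.client("s3", aws_access_key_id=AWS_ACCESS_KEY_ID,
                  aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
'''

GOOD_SNIPPET = '''\
import boto3
# No literals: boto3 resolves credentials from the environment, a profile or
# the instance/task role, so the source file carries no secret at all.
s3 = boto3.client("s3")
'''


def scan_samples():
    """Scan both constructed snippets; returns (bad_findings, good_findings)."""
    return (find_hardcoded_credentials(BAD_SNIPPET, "bad.py"),
            find_hardcoded_credentials(GOOD_SNIPPET, "good.py"))


if __name__ == "__main__":
    bad, good = scan_samples()
    for f in bad:
        print("%s:%d: hard-coded %s %s" % f)
    print("good.py findings:", len(good))
```

Wiring this into a pre-commit hook is the usual deployment; the good snippet shows the fix the card implies, which is to let the SDK's credential chain pick up an IAM role (or an environment/profile on a developer machine) so that no key ever sits in the repository.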
Do you need to create IAM users when using Identity Federation?
No, federated identities are mapped to IAM roles, so no IAM users need to be created
Which types of Identity Federation are the most relevant to AWS?
- SAML 2.0
- Custom Identity Broker
- Web Identity Federation with Amazon Cognito
- Web Identity Federation without Amazon Cognito
- SSO
- Non-SAML with AWS Microsoft AD
What do you need if your identity provider is not compatible with SAML 2.0?
You must write your own custom identity broker (it authenticates the user against your provider and obtains temporary AWS credentials from STS on their behalf)
What should you delete on your root account?
access keys (root should have no programmatic access at all; protect it with MFA instead)
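The root-account cards (do not use or share root, enable MFA, delete root access keys) describe hygiene rules that can be checked mechanically against the IAM credential report, which `aws iam generate-credential-report` followed by `aws iam get-credential-report` returns as a base64-encoded CSV. The following is an added example, not from the flashcards: a Python audit of a constructed report whose rows use the real report's column names, with the account ID and user names made up. It flags active access keys on the root user, root or console users without MFA, and access keys that have not been rotated in 90 days.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed report in the column layout of `aws iam get-credential-report`
# (account ID and user names are made up; the root row is named <root_account>
# as in a real report).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service
<root_account>,arn:aws:iam::123456789012:root,2023-01-10T08:00:00+00:00,not_supported,2024-05-01T09:12:00+00:00,not_supported,not_supported,false,true,2023-01-10T08:05:00+00:00,2024-04-30T10:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2023-02-01T00:00:00+00:00,true,2024-05-02T11:00:00+00:00,2024-03-01T00:00:00+00:00,2024-05-30T00:00:00+00:00,true,true,2024-04-15T00:00:00+00:00,2024-05-02T11:00:00+00:00,eu-west-1,ec2,false,N/A,N/A,N/A,N/A
build-bot,arn:aws:iam::123456789012:user/build-bot,2022-06-01T00:00:00+00:00,false,no_information,N/A,N/A,false,true,2022-06-01T00:00:00+00:00,2024-05-02T12:00:00+00:00,us-east-1,ecr,false,N/A,N/A,N/A,N/A
"""

# Fixed "now" so the example is deterministic (a real run would use datetime.now(timezone.utc)).
SAMPLE_NOW = datetime(2024, 5, 3, 12, 0, tzinfo=timezone.utc)


def audit_credential_report(report_csv, now, max_key_age_days=90):
    """Return (user, issue) pairs. Issues: root_access_key, stale_access_key_N, no_mfa."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        for slot in ("access_key_1", "access_key_2"):
            if row[slot + "_active"] != "true":
                continue
            if is_root:
                # Root should never have programmatic access: delete the key.
                findings.append((user, "root_access_key"))
            rotated = datetime.fromisoformat(row[slot + "_last_rotated"])
            if now - rotated > timedelta(days=max_key_age_days):
                findings.append((user, "stale_" + slot))
        # Root always has a console login; for other users only when a password is set.
        has_console = is_root or row["password_enabled"] == "true"
        if has_console and row["mfa_active"] != "true":
            findings.append((user, "no_mfa"))
    return findings


def audit_sample():
    """Run the audit over the constructed report with the fixed timestamp."""
    return audit_credential_report(SAMPLE_REPORT, SAMPLE_NOW)


if __name__ == "__main__":
    for user, issue in audit_sample():
        print(user, issue)
```

On the constructed data the root row trips all three rules and the build-bot service user trips the rotation rule, while alice, who has MFA and a recently rotated key, produces nothing; that is the state the flashcards describe as correct.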
What is the difference between a key pair and access keys?
Key pairs (SSH public/private key pairs) provide login access to EC2 instances.
Access keys (an access key ID plus a secret access key) provide programmatic access to AWS services and APIs through the CLI and SDKs.