IAM: Identity and Access Management

Question 1

What does IAM stand for?

Answer 1

Identity and Access Management

Question 2

What is IAM?

Answer 2

Identity and Access Management is the service where AWS user accounts and their access to various AWS servcies is managed.

Question 3

The common use of IAM is to manage….

Answer 3

• Users
• Groups
• Access policies
• Roles
• User credentials
• User password policies
• Multi-factor authentication (MFA)
• API Keys for programmatic (CLI) access

Question 4

Root User

Answer 4

User created when you create an AWS account. By default the root user has full administrative rights and access to every part of the account.

Question 5

What access do new/additional users have in AWS?

Answer 5

They are created with no access to any AWS resources. The only granted access is the ability to log in.

Question 6

What are AWS Best Practices?

Answer 6

Guidelines that recommend settings, configurations, and architecture for maintaining a high level of security, accessibility, and efficiency.

Question 7

When a new AWS root account is created, it is best practice to complete the tasks listed in IAM under Security Status, including:

Answer 7

• Delete your root access keys
• Activate MFA on your root account
• Create individual IAM users
• Use groups to assign permissions
• Apply an IAM password policy

Question 8

What is MFA?

Answer 8

• Multi-Factor Authentication
• It is an addtional layer of security on your root account that is provided by a 3rd party.
• It provides a continually changing, random, six-digit code you need to input (along with your password) when logging in to your root account.

Question 9

Three types of ways to get an MFA code?

Answer 9

Multi-Factor Authentication

1. Virtual MFA device: Smartphone, tablet, use app, such as Google Authenticator
2. Hardware key fob: small device goes on keychain. Order directly from AWS.
3. API keys for programmatic (CLI) access: Special credentials required for accessing AWS resources via the command line interface (CLI).

Question 10

Should the Root Account be used for administrative purposes?

Answer 10

No. Best practice is to NEVER use your root account for day-to-day use. If you want full admin access, create an IAM user and attach the AdministratorAccess policy to it. Use that account as your daily driver.

Question 11

What is an IAM Group?

Answer 11

• An IAM group is a collection of IAM users. Groups allow you to set and manage permissions for multiple users at the same time.
• Group are a more convenient and efficient way to manage account permissions. For example, if our user James were to switch positions within the company, we could easily remove James form his old group and add him to the new group.

Question 12

IAM Password Policy and Rules

Answer 12

• A password policy dictates the format and expiration rules that a user must follow when creating or modigying their password.
• These rules includes:
• Length requirements
• Case requirements
• Number requirements
• Non-alphanumeric requirements
• Password expiration
• Password reuse
• User rights to change their own password
• Administrator reset requirements

Question 13

Three main components of an IAM User?

Answer 13

1. A username
2. A password
3. Permissions to access various AWS services

Question 14

What is a Policy?

Answer 14

Policies assigned to users and groups grant access to AWS resources.

Question 15

What is a Role?

Answer 15

IAM roles are used to grant one AWS resource access to another resource (e.g. allow EC2 to access S3)