IAM Policies Flashcards
What does IAM stand for?
Identity and Access Management
Can a group contain another group?
No
Do users have to belong to a group?
No, but it’s not best practice
Can users belong to multiple groups?
Yes
What kind of service is IAM (global or regional)?
Global
What are the MFA options on AWS?
- Virtual MFA device (Google Authenticator/Authy)
- Universal Second Factor (U2F) security key (YubiKey)
- Hardware Key Fob
What is an IAM role?
An IAM entity that defines a set of permissions for making requests to AWS services, and will be used by an AWS service
True or False: IAM User groups can contain IAM users and other user groups
False. IAM User Groups can only contain IAM Users
What are the fields in the IAM Policy Structure?
- Version: (YYYY-MM-DD)
- Id: Optional
- Statement:
* Principal: account/user/role to which policy is applied
* Effect: Allow/Deny access
* Action: List of allow/deny actions
* Resource: Resource the action is applied to
* Sid: statement Id - Optional
How can you audit IAM usage?
By creating an IAM credentials report and using the IAM Access Advisor service.
How can users access AWS?
To access AWS, you have three options:
- AWS Management Console: protected by password + MFA
- AWS Command Line Interface (CLI): protected by access keys
- AWS Software Development Kit (SDK), for code: protected by access keys
What are Access Keys?
Access Key ID ~= username
Secret Access Key ~= password
What’s the AWS SDK?
AWS Software Development Kit (AWS SDK)
Language-specific APIs (set of libraries)
Enables you to access and manage AWS services programmatically
Embedded within your application
Supports:
- SDKs (JavaScript, Python, PHP, .NET, Ruby, Java, Go, Node.js, C++)
- Mobile SDKs (Android, iOS, …)
- IoT Device SDKs (Embedded C, Arduino, …)
Example: AWS CLI is built on AWS SDK for Python