IAM - Roles/Security Tools/Best Practices Flashcards
What is an IAM Role in AWS?
An IAM Role is a set of permissions assigned to AWS services (like EC2 or Lambda), allowing them to perform actions on your behalf. It’s like a user account, but for services, not people.
How do IAM Roles work with services like EC2?
When an AWS service (like EC2) needs to access other AWS resources, it assumes an IAM Role with the necessary permissions. The service uses the role to make API calls and interact with other AWS services securely.
What is an IAM Credentials Report?
The IAM Credentials Report is a security tool that provides a summary of all users in your AWS account, including the status of their credentials (e.g., whether their password or access keys are active).
What does the IAM Access Advisor do?
The IAM Access Advisor shows the permissions granted to a user and when they last accessed the associated AWS services. This helps to identify unused permissions and enforce the principle of least privilege.
Why is IAM Access Advisor useful?
It helps track service usage by users. If a service hasn’t been accessed recently, it may not need to be granted anymore, helping reduce unnecessary permissions and improve security.
When should you use the root account in AWS?
Only use the root account when setting up your AWS account. After setup, create a personal user account for regular tasks.
What does “one AWS user = one physical user” mean?
Each AWS user should represent a single person. Do not share accounts. Instead, create a new user for each person who needs access.
Why should you assign permissions to groups instead of individual users?
Assigning permissions to groups simplifies management and ensures consistent security at the group level.
Why should you use IAM roles for AWS services?
IAM roles allow AWS services (like EC2 instances) to perform actions on your behalf securely by assigning them the appropriate permissions.
