IAM stuff Flashcards

1
Q

T or F I am allows you to manage users and their level of access to the AWS console

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the major benefits of IAM?

A
  1. Centralized control of your AWS account. 2.Shared access to your AWS account 3. Granular permissions 4. identify Federation 5. multifactor authentication 6. temp access for users, devices, and services 7. allows password rotation 8. integrates with many AWS services 9. PCI and DSS compliant
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

IAM users

A

people

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

IAM Groups

A

A collection of users under 1 set of permissions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

IAM Roles

A

You create roles and can assign them to resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

IAM Policies

A

A document that defines one or more permissions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

T or F IAM is not universal and applies to specific regions

A

False IAM is universal and it does not apply to regions at this time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

The ____ account is simply the account created when first setup your AWS account.

A

root

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

T or F The root account has complete admin access

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

T or F New users have basic permissions when first created

A

False New users have no permissions when first created

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

New users are assigned ____ and ____ when first created.

A

access key ID and secret access keys

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Can you use the access key and secret access key to login to the AWS management console?

A

No, they cannot be used to log into the console. They are not the same as a password.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What can you use the Access key ID and secret access key for?

A

They can be used to access AWS via the APIs and command line.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

T or F You can view your Access Key ID and secret access key anytime by logging into the AWS console and checking IAM.

A

False They can only be viewed once. You need to store them in a secure location. If you lose them, you have to create new keys.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Always setup _____ on the root account

A

MFA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

T or F You can create and customize your own password rotation policy

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

_____ allow you to not use Access Key IDs and Secret Access Keys

A

Roles

18
Q

T or F Roles are preferred over IAM accounts from a security perspective

A

True

19
Q

Roles are controller by _______

A

policies

20
Q

T or F You can change a policy on a role and it takes some time to propagate.

A

False, changes are instant.

21
Q

T or F You can attach and detach roles to running EC2 instances without having to stop or terminate these instances.

A

True

22
Q

Advanced IAM

___ ___ ___ lets you give your users access to AWS resources after they have sucessfully authenticated with a web-based identity provider like Amazon, Facebook, or Google.

A

web identity federation

23
Q

Advanced IAM

Following successful auth, the user receives an auth code from teh web ID provider, which they can trade for temp AWS _____ creds

A

security

24
Q
A
25
Q

Advanced IAM policies

____ ___ ____ is used to define user access permissions within AWS

A

Identity Access Management (IAM)

26
Q

What are the 3 different types of IAM polcies available?

A

Managed policies; customer managed policies; inline policies

27
Q

Which type of policy is this?

Manged; Inline; Custom

-This is an IAM policy which is created and adminsitrered by AWS

A

Managed

28
Q

Which type of policy is this?

Manged; Inline; Custom

-AWS provides these polcies for common use cases based on job function ie: AmazonDynamoDBFullAccess, AWSCodeCommitPowerUser, AmazonEC2ReadOnlyAccess

A

managed

29
Q

Which type of policy is this?

Manged; Inline; Custom

-these aws-provided policies allow you to assign appropriate permission to your users, groups, and roles without having to write the policy yourself

A

managed

30
Q

Which type of policy is this?

Manged; Inline; Custom

-A single policy of this type can be attached to multiple users, groups, or roles withing hte same AWS account and accross different accounts.

A

manged

31
Q

Which type of policy is this?

Manged; Inline; Custom

-you can’t change the permissions defined in this type of policy

A

managed

32
Q

Which type of policy is this?

Manged; Inline; Custom

-A standalone policy that you can create and administer inside your own AWS account. You can attaqch this polciy to multiple users, groups, and roles - but only within your account.

A

custom

33
Q

Which type of policy is this?

Manged; Inline; Custom

-in order to create this type of policy, you can copy an existin AWS policy and customize it to fit the requirements of your organization.

A

custom

34
Q

Which type of policy is this?

Manged; Inline; Custom

-recommended for use cases where the existing AWS policies don’t meet the needs of your environment.

A

custom

35
Q

Which type of policy is this?

Manged; Inline; Custom

-An IAM policy which si actually embeded with the user, group, or role to which it applies. Ther eis a strict 1:1 relationship between the entity and the policy.

A

Inline

36
Q

Which type of policy is this?

Manged; Inline; Custom

-When you delete the user, group, or role in which this policy is embeded, the policy will also be deleted.

A

Inline

37
Q

Which type of policy is this?

Manged; Inline; Custom

-In most cases, AWS recommends using Managed policies over these polcies.

A

Inline

38
Q

Which type of policy is this?

Manged; Inline; Custom

-These policies are useful when you want to be sure that the permissions in a policy are not inadvertently assigned to any other user, group, or role than the one for which they’re intended ie: you are creating a policy that must only ever be attached to a single user, group, or role)

A

inline

39
Q
A
40
Q

With ___ ____ ____, many AWS customers use separate AWs accounts for their development and prod resources. This separation allows them to cleanly separate different types of resources and can also provide some security benefits.

A

Cross Account Access

41
Q

___ ___ ___ makes it easier for you to work productively within a multiaccount (or multi-role) AWS environment by making it easy for you to switch roles within the AWS management console. YOu can now sign into the console using your IAM user name then switch the console to manage another account without having to enter (or remember) another user name and password.

A

Cross Account Access

42
Q

Put these steps in order:

  • switch accounts
  • apply it to teh developer group
  • log in to the developer account
  • create the “UpdateApp” Cross Account Role
  • Log into production
  • create a group IAM-Dev
  • Identify our account numbers
  • Create a user IAM-dev
  • Create teh “read-write-app-bucket” policy
  • Apply the newly created policy to the role
  • Create a new inline policy
  • Log in as Erik
A
  • Identify our account numbers
  • create a group IAM-Dev
  • Create a user IAM-dev
  • Log into production
  • Create teh “read-write-app-bucket” policy
  • create the “UpdateApp” Cross Account Role
  • Apply the newly created policy to the role
  • log in to the developer account
  • Create a new inline policy
  • apply it to teh developer group
  • Log in as Erik
  • switch accounts