IAM - Users and Groups/Policies Flashcards
What does IAM stand for? And what is it used for?
Identity and Access Management. It’s used to create and manage users and groups.
True or False? Groups contain users and other groups.
False. Groups only contain users.
What are IAM policies?
They are JSON documents that are assigned to users and groups that define their permissions.
What is the name of the principle under which a user is granted only the minimal permissions they require?
The least privilege principle.
What is an Inline Policy?
A policy that is assigned to a user directly rather than through a group.
What does the JSON document for IAM policies consist of?
Version: Policy language version. Always include “2012-10-17”
Id: Identifier of the policy (optional) e.g. “S3-Account-Permissions”
Statement: One or more individual statements that detail what the policy does and who it applies to (required).
What does the statement for the JSON document consist of?
Sid: An identifier for the statement (optional)
Effect: Whether the statement allows or denies access.
Principal: The account/user/role that the policy applies to.
Action: List of actions that the policy allows or denies, e.g. “S3:GetObject”
Resource: List of resources to which the actions apply, e.g. an S3 bucket
Condition: Conditions for when this policy is in effect (optional)
What are three device options for MFA?
Virtual MFA device e.g. Google Authenticator
Universal 2nd Factor (U2F) Security Key e.g. YubiKey
Hardware Key Fob MFA Device e.g. Gemalto