IAM Users & Groups Flashcards
1
Q
Groups
A
- Only contain users
- Can’t contain groups
- A user can be in multiple groups
2
Q
IAM: Permissions
A
Users or Groups can be assigned JSON documents called policies
3
Q
Policies
A
JSON document that defines permissions assigned to a user or group
4
Q
IAM (Identity and Access Management)
A
- Global Service
- Manage accounts and groups
5
Q
Inline Policy
A
Policy that applies to only one user
6
Q
Multi Factor Authentication options
A
- Virtual MFA
- Hardware Key Fob
- Hardware Key Fob for GovCloud (US)
- Universal 2nd Factor (U2F) Security Key
7
Q
Virtual MFA Options
A
- Phone app
- Google Authenticator
- Authy
- Support multiple tokens on a single device
8
Q
Universal 2nd Factor (U2F) Security Key
A
- Physical Device
- YubiKey, by Yubico
- Multiple root and IAM users using a single key
9
Q
Hardware Key Fob MFA Device
A
Gemalto
10
Q
Hardware Key Fob MFA Device for AWS GovCloud (US)
A
SurePassID
11
Q
IAM Roles
A
Permissions for AWS services
12
Q
IAM Security Tools
A
- Credentials Report (account-level)
- Access Advisor (user-level)
13
Q
IAM Credentials Report
A
- Account level
- List all users and the status of their credentials
14
Q
IAM Access Advisor
A
- User level
- Shows permissions granted to a user and when those were last accessed
- Can be used to revise permissions
15
Q
IAM Best Practices
A
- Only use root account for setup
- Use MFA
- Use Roles for perms to services
- Use Access Keys for CLI/SDK
- Audit permissions using Credentials Report & Access Advisor