Identity and Access Management Flashcards
IAM makes it easy to provide multiple users _____ _____ to AWS resources.
Secure access
IAM can manage users’ credentials, MFA, and groups. What are three other key features that IAM offers?
- Roles
- Access policies
- Password policies
What must be explicitly granted to allow a user to access an AWS service?
Permission
IAM is a _____ service that is described as eventually _____.
IAM is a Universal service that is described as eventually consistent
3 Authentication methods:
- Console _________: used to log in to the AWS Management Console
- Access ___: Used for programmatic access
- _______ Certificates: Uses SSL/TLS certificates
- Console password: used to log in to the AWS Management Console
- Access keys: Used for programmatic access
- Server certificates: Uses SSL/TLS certificates
An IAM user is an entity that represents a _______ or _______
An IAM user is an entity that represents a person or service
IAM users can be created to represent applications, and these are known as _______ ________
IAM users can be created to represent applications, and these are known as Service accounts
You can have up to _____ users per AWS account
5000
IAM Groups are collections of _____ and have _____ attached to them
IAM Groups are collections of users and have policies attached to them
A ____ is not an identity and cannot be identified as a ____ in an IAM policy.
A group is not an identity and cannot be identified as a principal in an IAM policy.
Use groups to assign ______ to users.
Permission
You cannot ____ groups within groups
nest
IAM users or AWS services can assume a role to obtain ________ ________ credentials
IAM users or AWS services can assume a role to obtain temporary security credentials
Temporary security credentials are issued by the AWS ________ _____ Service
Temporary security credentials are issued by the AWS Security Token Service (STS)
IAM Policies are documents that define permissions that can be applied to _____, _____, or _____
IAM Policies are documents that define permissions that can be applied to users, groups, or roles
Policy documents are written in what programming language?
JSON
Resource-based policies are attached to a ________ or define permissions for a _________ accessing the resource
Resource-based policies are attached to a resource or define permissions for a principal accessing the resource
AWS Organizations:
Service Control Policies (SCP) allow you to control the _________ _________ for an __________ or an __
Service Control Policies (SCP) allow you to control the maximum permissions for an organization or an OU
Session policies are used with __________ ___ actions
Session policies are used with AssumeRole API actions
IAM Best Practices:
Use ____ to assign permissions to IAM users
Use groups to assign permissions to IAM users
IAM Best Practices: Get started using permissions with AWS ____ _____
Get started using permissions with AWS managed policies
IAM Best Practices: Use customer-managed policies instead of ____ _____
Inline policies
IAM Best Practices: Use access levels to review ____ _____
IAM Permissions
IAM Best Practices: Use roles for applications that run on Amazon ____ __________
EC2 instances
IAM Best Practices: Rotate credentials _________
regularly
IAM Best Practices: Use policy conditions for _____ _________
IAM Best Practices: Use policy conditions for extra security
Using _______ _______ ________ is the only way to limit root account access
Using Service control policies (SCP) is the only way to limit root account access
What feature allows you to log into your PC and use those same credentials to log into AWS?
IAM Federation