Identity and Access Management

Question 1

Q: What is AWS IAM?

Answer 1

A: Identity and Access Management (IAM) is a service for securely managing access to AWS resources.

Question 2

Q: What are the key features of AWS IAM?

Answer 2

A: Centralized control, granular permissions, secure access to AWS resources, and support for multi-factor authentication (MFA).

Question 3

Q: What are the main components of IAM?

Answer 3

A: Users, Groups, Roles, and Policies.

Question 4

Q: What is an IAM user?

Answer 4

A: An entity that represents an individual person or application that interacts with AWS services.

Question 5

Q: What is an IAM group?

Answer 5

A: A collection of IAM users with shared permissions.

Question 6

Q: What is an IAM role?

Answer 6

A: An entity that AWS services or applications can assume to gain temporary access to resources.

Question 7

Q: What are IAM policies?

Answer 7

A: JSON documents that define permissions for users, groups, or roles.

Question 8

Q: What are managed policies?

Answer 8

A: Predefined policies managed by AWS or customers that can be attached to IAM identities.

Question 9

Q: What are inline policies?

Answer 9

A: Policies directly embedded in a single user, group, or role.

Question 10

Q: What is Multi-Factor Authentication (MFA) in AWS IAM?

Answer 10

A: An additional layer of security requiring a second factor, like a hardware token or app.

Question 11

Q: What is the AWS root user?

Answer 11

A: The account created when signing up for AWS, with full permissions across all resources.

Question 12

Q: What are IAM access keys?

Answer 12

A: Key pairs used to authenticate programmatic requests to AWS services.

Question 13

Q: What are best practices for using AWS IAM?

Answer 13

A: Enable MFA, use least privilege, rotate credentials, avoid using the root account, and monitor activity.

Question 14

Q: What is identity federation in AWS IAM?

Answer 14

A: Allowing users from external identity providers to access AWS resources using their credentials.

Question 15

Q: How does IAM integrate with AWS Organizations?

Answer 15

A: IAM policies can manage permissions for multiple AWS accounts through AWS Organizations.

Question 16

Q: What are Service Control Policies (SCPs)?

Answer 16

A: Policies that control AWS service access for accounts in AWS Organizations.

Question 17

Q: What is the AssumeRole API?

Answer 17

A: An API call allowing users or services to assume an IAM role and gain temporary credentials.

Question 18

Q: What is the IAM credential report?

Answer 18

A: A report listing all users and the status of their credentials for security analysis.

Question 19

Q: What is the IAM Access Analyzer?

Answer 19

A: A tool that helps identify resources shared externally and assesses their permissions.

Question 20

Q: What is the difference between an IAM role and an IAM user?

Answer 20

A: Users have long-term credentials and are assigned directly, while roles provide temporary access and can be assumed by users, services, or applications.

Question 21

Q: What are the types of IAM policies?

Answer 21

A: Managed Policies, Inline Policies, SCPs, and Resource-Based Policies.

Question 22

Q: What are resource-based policies?

Answer 22

A: Policies directly attached to AWS resources, such as S3 bucket policies.

Question 23

Q: How does IAM evaluate policies?

Answer 23

A: By applying explicit deny, explicit allow, and implicit deny in that order.

Question 24

Q: What are conditions in IAM policies?

Answer 24

A: Optional elements to specify when a policy is in effect, based on context keys.

Question 25

Q: What is a principal in IAM?

Answer 25

A: An entity (user, role, or service) that can make a request for an AWS action.

Question 26

Q: What are temporary security credentials in IAM?

Answer 26

A: Short-lived credentials provided by roles to access resources.

Question 27

Q: What is the AWS IAM Policy Simulator?

Answer 27

A: A tool to test and validate the effect of IAM policies before applying them.

Question 28

Q: How is cross-account access implemented in AWS?

Answer 28

A: By setting up resource-based policies or using IAM roles that are assumed by accounts.

Question 29

Q: What is AWS STS?

Answer 29

A: AWS Security Token Service provides temporary security credentials for access to resources.

Question 30

Q: What are some limits of AWS IAM?

Answer 30

A: Limits include 5,000 IAM users per account, 10 managed policies per user, and 1,000 groups per account.