Identity and Access Management (IAM) Flashcards
What is IAM?
It stands for Identity and Access Management; it lets you manage users and their levels of access to the AWS console.
What are you allowed to do in IAM?
- Create users and grant permissions to those users
- Create groups and roles
- Control access to AWS resources
What is the root account in AWS?
The root account has full administrative access to AWS.
What are the four steps to secure your root account in AWS?
- Enable MFA on the root account
- Create an admin group for your administrators and assign the appropriate permissions to this group
- Create user accounts for administrators
- Add users to the admin group
How do you control permissions using IAM?
You assign permissions using policy documents, which are written in JSON.
What are the elements of a policy document in IAM?
- Version
- Statement with Effect (Allow or Deny), Action and Resource
What can you assign policy documents to in IAM?
Users, Groups and Roles
What is a user in IAM?
One physical person
What is a group in IAM?
Job functions, such as administrator or developer; groups contain users.
What is a role in IAM?
An identity used internally within AWS that allows one part of AWS to use another part of AWS.
Is it best practice to assign policies (permissions) directly to users?
No, it is best practice for users to inherit permissions from groups.
Explain the principle of least privilege.
Only assign a user the minimum amount of privileges they need to do their job.
Is IAM a regional service?
No, it is a global (universal) service.
Are new users assigned any permissions when they are created (by default)?
No, the user will have no permissions unless assigned.
What are access key IDs and secret access keys?
They are not the same as usernames and passwords. They are used for programmatic access to AWS (APIs and CLI).