Identity and Access Management (IAM) Flashcards

1
Q

STS - Security Token Service

A

Lets you grant limited, temporary access to AWS resources.
• Token is valid for up to one hour (must be refreshed)

Normally used by assuming a role

2
Q

Identity Federation

A

Federation lets users outside of AWS assume a temporary role to access AWS resources. In effect, 3rd-party authentication tools are used to sign in to AWS.

3
Q

Microsoft Active Directory

A

Found on any Windows Server with AD Domain Services

Database of objects: User Accounts, Computers, Printers, File Shares, Security Groups

4
Q

AWS Organisations

A

Global service that lets you manage multiple AWS accounts (organisations)

5
Q

Service Control Policies (SCP)

A

Allow whitelisting or blacklisting of IAM actions, applied at the Organisation or Account level; they do not apply to the Master Account

6
Q

IAM Conditions

A

Restrict policies more strictly

  • restrict the client IP from which the API calls are being made
  • restrict region
  • restrict based on tags
  • force MFA
7
Q

IAM Permission Boundaries

A

Manage policies that set the maximum permissions an IAM entity can get; supported only for users and roles

i.e. permissions for access to services
i.e. a subset of all the allowable permissions for a user/role

8
Q

Resource Access Manager (RAM)

A

Share AWS resources that you own with other AWS accounts or within your own AWS organisation

9
Q

Single Sign-On (SSO)

A

Centrally manage Single Sign-On to access multiple accounts and 3rd-party business applications
- Integrated with AWS Organisations
