Identity and Access Management (IAM) - Advanced

Question 1

What is AWS Organizations?

Answer 1

Question 2

How do Organizational Units relate to the AWS Organization?

Answer 2

Question 3

What are some examples of Organizational Units in AWS Organizations?

Answer 3

Question 4

What are the advantages of using AWS Organizations?

Answer 4

Question 5

What are Service Control Policies (SCP) in AWS Organizations?

Answer 5

Question 6

What is the hierarchy of Service Control Policies (SCP) in AWS Organizations?

Answer 6

Question 7

With Service Control Policies (SCP) in AWS Organizations, if you have both an explicit deny and an explicit allow policy applied, which takes precedence?

Answer 7

The deny, always

Question 8

What would a Service Control Policy (SCP) in AWS Organizations look like that allowed all access except DynamoDB (aka “Blocklist Strategy”)?

Answer 8

Question 9

What would a Service Control Policy (SCP) in AWS Organizations look like that blocked everything except EC2 and CloudWatch (aka “Allowlist Strategy”)?

Answer 9

Question 10

What does a Policy in IAM look like that has a condition applied to restrict the client IP from which the API calls are being made?

Answer 10

Question 11

What does a Policy in IAM look like that has a condition applied to restrict the region the API calls are made to?

Answer 11

Question 12

What does a Policy in IAM look like that has a condition applied to restrict based on tags?

Answer 12

Question 13

What does a Policy in IAM look like that has a condition applied to to force MFA?

Answer 13

Question 14

What does an IAM policy look like for a Bucket in S3 as opposed to an Object in S3?

Answer 14

Question 15

In IAM, what would an IAM policy look like that restricts access to accounts that are member of an AWS Organization?

Answer 15

Question 16

What are the fundamental differences between IAM Roles vs Resource Based Policies as it relates to cross-account access?

Answer 16

Question 17

What are the fundamental differences between IAM Roles vs Resource Based Policies?

Answer 17

Question 18

When should you use IAM Roles vs Resource Based Policies when adding security in EventBridge?

Answer 18

Question 19

What are IAM Permission Boundaries?

Answer 19

Question 20

What are the use cases for IAM Permission Boundaries?

Answer 20

Question 21

How does the IAM Policy Evaluation Logic work?

Answer 21

Question 22

In AWS Organization SCP, is all access defaulted to implicit allow or implicit deny?

Answer 22

Implicit deny

Question 23

What is the AWS IAM Identity Center?

Answer 23

Question 24

What does the AWS IAM Identity Center login flow look like?

Answer 24

Question 25

How does the AWS IAM Identity Center work?

Answer 25

Question 26

How does everything in AWS IAM Identity Center relate for Organizations, Users and Groups (i.e. Permission Sets)?

Answer 26

Question 27

How do AWS IAM Identity Center fine-grained Permissions and Assignments work?

Answer 27

Question 28

What is Microsoft Active Directory (AD)?

Answer 28

Question 29

What is AWS Directory Services?

Answer 29

Question 30

How do you set-up Active Directory in IAM Identity Center?

Answer 30

Question 31

What is AWS Control Tower?

Answer 31

Question 32

How does AWS Control Tower Guardrails work?

Answer 32