Identity and Access Management (IAM) Flashcards
What options can be set in an AWS password policy?

What does IAM stand for?
Identity Access Management Service
How does IAM work?

What are Principals?
A person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS. Principals include federated users and assumed roles.
- Users
- Roles
- Federated Users
- Applications
What is the purpose of a REQUEST?
When a principal tries to use the AWS Management Console, the AWS API, or the AWS CLI, that principal sends a request to AWS.
What is AUTHENTICATION?
A principal must be authenticated (signed in to AWS) using their credentials to send a request to AWS. Some services, such as Amazon S3 and AWS STS, allow a few requests from anonymous users. However, they are the exception to the rule.
What are the authentication types in AWS?
- Console
To authenticate from the console as a root user, you must sign in with your email address and password.
As an IAM user, provide your account ID or alias, and then your user name and password.
- API / AWS CLI / SDK
To authenticate from the API or AWS CLI, you must provide your access key and secret key.
What information must a REQUEST contain?
- Actions or operations
The actions or operations that the principal wants to perform. This can be an action in the AWS Management Console, or an operation in the AWS CLI or AWS API.
- Resources
The AWS resource object upon which the actions or operations are performed.
- Principal
The person or application that used an entity (user or role) to send the request. Information about the principal includes the policies that are associated with the entity that the principal used to sign in.
- Environment data
Information about the IP address, user agent, SSL enabled status, or the time of day.
- Resource data
Data related to the resource that is being requested. This can include information such as a DynamoDB table name or a tag on an Amazon EC2 instance.
What are POLICIES for?
A policy is an object in AWS that, when associated with an identity or resource, defines their permissions.
When you create a permissions policy to restrict access to a resource, you can choose an identity-based policy or a resource-based policy.
What types of POLICIES exist?
- Identity-based
- Resource-based
- Permissions boundaries
- Organizations SCPs
- Access Control List (ACL)
- Session policies
What is an IDENTITY-BASED policy?
Identity-based policies grant permissions to an identity.
What is a RESOURCE-BASED policy?
Resource-based policies grant permissions to the principal that is specified in the policy.
What permissions does a USER have right after being created?
None.
What is the maximum number of USERS a GROUP can have?
5,000 USERS
What is the maximum number of GROUPS a USER can belong to?
10 GROUPS
What permissions does the ROOT USER have?
Full permissions.
How do I authenticate a user via the AWS CLI / API?
You must use an access key and a secret key.
What are the advantages of using MFA?
Multi-Factor Authentication (MFA) adds extra security because it requires users to provide unique authentication from an AWS supported MFA mechanism in addition to their regular sign-in credentials when they access AWS websites or services.
What types of MFA can be used in AWS?
- Virtual MFA devices
A software app that runs on a phone or other device and emulates a physical device. The device generates a six-digit numeric code based upon a time-synchronized one-time password algorithm.
- FIDO Security Key
A device that you plug into a USB port on your computer.
- Hardware MFA device
A hardware device that generates a six-digit numeric code based upon a time-synchronized one-time password algorithm.
What is AWS STS?
AWS Security Token Service (AWS STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users you authenticate (federated users).
In which cases can temporary credentials be used?
Temporary credentials are used with identity federation, delegation, cross-account access and IAM roles.
What does a temporary credential contain?
- AccessKeyId
- Expiration
- SecretAccessKey
- SessionToken
What is an IAM Role?
An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have standard long-term credentials such as a password or access keys associated with it. Instead, when you assume a role, it provides you with temporary security credentials for your role session.
What is the difference between a Trust Policy and a Permission Policy in a Role?
- Trust Policy
A JSON policy document in which you define the principals that you trust to assume the role.
- Permission Policy
A permissions document in JSON format in which you define what actions and resources the role can use.
What is the default Password Policy in AWS?
- Minimum password length is 8 characters
- Include a minimum of three of the following mix of character types: uppercase, lowercase, numbers, and ! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
- Must not be identical to your AWS account name or email address