Important Info Flashcards

1
Q

IAM principals must be authenticated to send requests (with few exceptions).

A

True

2
Q

How many individual user accounts can be created?

A

5000

3
Q

What is the main reason to use groups?

A

Apply permissions to users using policies.

4
Q

How does a user gain permissions in a user group?

A

By permissions applied to the group via that policy.

5
Q

What are access keys used for?

A

Programmatic access

6
Q

What are username & passwords used for?

A

Console access

7
Q

What are permissions boundaries attached to?

A

Users & Roles

8
Q

What do permissions boundaries set?

A

Maximum permissions that the entity can have

9
Q

What are Determination Rules for Policies?

A
  1. Default: all requests are IMPLICITLY denied (though the root user has full access).
  2. An explicit allow in an identity-based or resource-based policy overrides the default.
  3. If a permissions boundary, Organizations SCP, or session policy is present, it might override the allow with an implicit deny.
  4. An explicit deny in any policy overrides any allows.
10
Q

What are AWS IAM Best Practices?

A
  1. Require human users to use federation w/ an identity provider to access AWS using temp credentials.
  2. Require workloads use temp credentials w/ IAM roles to access AWS.
  3. Require multi-factor authentication (MFA).
  4. Update access keys regularly for use cases that require long-term credentials.
  5. Safeguard root user credentials & don’t use them for everyday tasks.
  6. Apply least-privilege permissions.
  7. Start w/ AWS managed policies & move toward least-privilege permissions.
  8. Use IAM Access Analyzer to generate least-privilege policies based on access activity.
  9. Regularly review & remove unused users, roles, permissions, policies, & credentials.
  10. Use conditions in IAM policies to further restrict access.
  11. Verify public & cross account access to resources w/ IAM Access Analyzer.
  12. Use IAM Access Analyzer to validate IAM policies to ensure secure & functional permissions.
  13. Establish permissions guardrails across multiple accounts.
  14. Use permissions boundaries to delegate permissions management w/in an account.
11
Q

Which element of an IAM policy document can be used to specify that a policy should take effect only if the caller is coming from a specific source IP address?

A

Condition
