Policy 1 Flashcards

1
Q

Policy Types

4 types of IAM Policies?

A

Identity-based, Resource-based, permission boundaries, Service Control Policies (SCPs)

2
Q

Policy Types

What can have Identity-based policies?

A

Users, Groups, Roles

3
Q

Policy Types

What type of policies use the “Principal” section?

A

Only Resource policies

4
Q

Policy Interpretation

Single policy with DENY and a Condition. What if condition isn’t true?

A

Still denied: implicit deny! You’d need an explicit Allow for this to do anything.

5
Q

Policy Interpretation

What is “NotAction”?

A

Opposite of “Action”: Careful! This means everything other than these is in scope!

6
Q

Policy Interpretation

What should you be on the lookout for on the exam with Policies?

A

“not” appearing in conditions, “NotAction”, etc. Most common way to mess up.

7
Q

Policy Interpretation

Setting up policy to deny anything not in eu-west-1. What’s the “gotcha”?

A

CloudFront, Route53, IAM, and Support run out of us-east-1 and are global.

8
Q

Policy Interpretation

S3 policy Actions around listing buckets?

A

s3:ListAllMyBuckets (all buckets owned by me), s3:ListBucket (objects in a bucket). There is no s3:ListObject*
