Section 1 - Beginners Guide to IAM

Question 1

What is AWS IAM?

Answer 1

IAM is Identitiy Access management

• Centralized - Control of your AWS account
• Access - Shared access to your AWS account.
• Permissions - Granular permissions
• Identity Federation - Supports well known identity provider such as Active Directory, Facebook, Linkedin
• Universal - not restricted to a region

Question 2

What are the features of IAM?

Answer 2

• Multi-Factor Authentication - Provides increased account settings and resources
• Temporary Access - Provides temporary access for users/ devices and services as necessary
• Password Policies - Allows you to setup your own password rotation policy
• Integrated - Integrates with many different AWS services
• Compliance - Supports PCI DSS compliance (for any application associated with he payment card industry)

Question 3

What is IAM logic structure?

Answer 3

• Users - end users on aws
• Groups - Logical grouping of user
• Roles - You create roles and can then assign them to users, applications and services to give access to AWS resources.
• Policy
  
  • A document that defines one or more permissions
  • An IAM policy can be attached to a User, Group or Role.

Question 4

IAM Policy Simulator?

Answer 4

• Test IAM permissions before you commit them to production
• Validate that the policy works as expected
• You can also test policies attached to existing users - great for troubleshooting
• https://policysim.aws.amazon.com

Question 5

Give example of a role which gives access to everything?

Answer 5

{
“Version”: “2012-10-17”,
“Statement” :
[
{
“Effect” : “Allow”,
“Action”: “*”,
“Resource”: “*”
}
]
}