Section 2: IAM Flashcards
What are IAM users, groups, roles and policies?
Users = an individual user
Groups = a collection of users that share the same policies
Roles = a preset of policies for a service or services. Roles are used by AWS resources, and a role may contain multiple policy documents.
Policies = JSON documents that define what users, groups, and roles can do within AWS
What is AWS Security Token Service (STS)?
A web service for requesting temporary, limited-privilege credentials for AWS Identity and Access Management users or for users that you authenticate (federated users)
Identity-based policy vs resource-based policy
Identity-based policies are attached to an IAM user, group, or role. For example, you can attach a policy to the IAM user named John stating that he is allowed to perform the Amazon EC2 RunInstances action.
Resource-based policies are attached to a resource. For example, you can attach resource-based policies to Amazon S3 buckets or Amazon SQS queues.
Does an explicit deny in any policy override an allow in any other policy?
True
An explicit deny in any policy does override an allow in any other policy.
What is a federated user?
A user with temporary AWS access permissions obtained through a third-party identity provider such as Google, Facebook, etc.
What should you use the root user for?
Avoid using the root user as much as possible. Any daily tasks should be done with another account.
What can you use to generate policies based on chosen access levels?
Use IAM Access Analyzer to validate IAM policies and generate least-privilege policies.
How many users can an AWS account have?
Up to 5000 users per AWS account.
How are temporary credentials assumed?
Temporary credentials are assumed using AWS STS (Security Token Service)
How can you allow one service to have access to another?
Create a role and assign to it a permission policy that grants access to the service.