Section 4a: IAM - Identity and Access Management Flashcards
Intro to IAM, policies, permissions, and MFA
IAM is
Identity and Access Management
A Root account is
The account created by default when the AWS account is opened. It has unrestricted access to everything in the account, so it shouldn’t be used for everyday work or shared; protect it with MFA and create IAM users instead.
Users are
People (or applications) within your org that can be added to groups.
Groups are
Groupings of users. In AWS groups can ONLY contain users, not other groups.
IAM permissions are defined in what format?
JSON
What is the least privilege principle?
Not giving a user more permissions than they need
Group policies get applied to
The whole group
In-line policies get applied to
A specific user (an inline policy is embedded directly in one user, group or role and cannot be reused elsewhere)
IAM (permissions) policy consists of
- Version
- Id (optional)
- Statement(s)
Statements consist of
- Sid (optional)
- Effect
- Principal (resource-based policies only)
- Action
- Resource
- Condition (optional)
Sid is
an identifier for the statement (optional)
Effect is
whether the statement allows or denies access
(Allow, Deny)
Principal is
the account, user or role this policy applies to. It appears only in resource-based policies (e.g. an S3 bucket policy); an identity-based policy omits it because the identity it is attached to is the principal.
Action is
a list of the API actions (e.g. s3:GetObject) this statement allows or denies; wildcards such as s3:Get* are permitted
Resource is
a list of resources (as ARNs) to which the actions apply
Condition is
conditions (e.g. source IP, whether MFA was used, tags) under which the statement is in effect
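Added example, not from the original deck: a constructed policy document with the elements the cards above list, plus a small evaluator that models how IAM decides a request (implicit deny by default, a matching Allow grants, any matching Deny wins). The bucket name, CIDR and policy Id are made-up; NotAction/NotResource and Principal are not modelled because this is an identity-based policy.

```python
import fnmatch
import ipaddress
import json

# Constructed example policy (not from the page). It follows the card structure
# above: Version, Id, Statement[] with Sid/Effect/Action/Resource/Condition.
# No Principal: this is an identity-based policy, so the attached user is the principal.
POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Id": "example-read-reports",
  "Statement": [
    {
      "Sid": "AllowReadReportsFromOffice",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-reports",
                   "arn:aws:s3:::example-reports/*"],
      "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}
    },
    {
      "Sid": "DenyDeleteWithoutMFA",
      "Effect": "Deny",
      "Action": "s3:Delete*",
      "Resource": "*",
      "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}
    }
  ]
}
"""
POLICY = json.loads(POLICY_JSON)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, case_insensitive=False):
    # IAM wildcards: "*" any run of characters, "?" one character.
    # Action names match case-insensitively; resource ARNs are case-sensitive.
    if case_insensitive:
        return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(condition, ctx):
    # All operators and all keys must hold (AND); the values listed for one key are OR'ed.
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            values = [str(v) for v in _as_list(expected)]
            if operator == "IpAddress":
                if actual is None or not any(
                    ipaddress.ip_address(actual) in ipaddress.ip_network(cidr) for cidr in values
                ):
                    return False
            elif operator == "Bool":
                # Key absent from the request context -> condition is false.
                if actual is None or str(actual).lower() not in [v.lower() for v in values]:
                    return False
            elif operator == "BoolIfExists":
                # Key absent -> treated as matching. This is why an MFA-gating Deny uses
                # BoolIfExists: a request signed with plain access keys carries no
                # aws:MultiFactorAuthPresent key at all, and a plain Bool would never fire.
                if actual is not None and str(actual).lower() not in [v.lower() for v in values]:
                    return False
            elif operator == "StringEquals":
                if actual is None or str(actual) not in values:
                    return False
            else:
                raise ValueError(f"unsupported condition operator: {operator}")
    return True


def evaluate(policy, action, resource, context=None):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    ctx = context or {}
    decision = "ImplicitDeny"  # nothing is allowed until a statement says so
    for stmt in _as_list(policy["Statement"]):
        if not _matches(stmt["Action"], action, case_insensitive=True):
            continue
        if not _matches(stmt["Resource"], resource):
            continue
        if "Condition" in stmt and not _condition_holds(stmt["Condition"], ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"  # an explicit deny is final; stop looking
        decision = "Allow"
    return decision


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-reports/q1.csv"
    office = {"aws:SourceIp": "203.0.113.7"}
    print(evaluate(POLICY, "s3:GetObject", obj, office))                            # Allow
    print(evaluate(POLICY, "s3:GetObject", obj, {"aws:SourceIp": "198.51.100.5"}))  # ImplicitDeny
    print(evaluate(POLICY, "s3:DeleteObject", obj, office))                         # ExplicitDeny
    print(evaluate(POLICY, "s3:PutObject", obj, office))                            # ImplicitDeny
```

The last line is least privilege in action: PutObject is never mentioned, so it is denied without any Deny statement having to name it.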
What can you do with an IAM Password Policy?
- Set a minimum password length
- Require specific character types (uppercase, lowercase, numbers, non-alphanumeric)
- Allow all IAM users to change their own passwords
- Require users to change their password after some time (password expiration)
- Prevent password re-use
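Added example, not from the original deck: the password-policy settings above expressed as the parameters boto3's IAM `update_account_password_policy` call takes, plus a local check that tells you which rules a candidate password would fail before you try to set it. The numeric values (14 characters, 90 days, 24 remembered passwords) are constructed choices, not AWS defaults; the symbol set uses Python's `string.punctuation` as an approximation of the characters IAM counts as non-alphanumeric.

```python
import string

# Constructed settings (not from the page). Each key is the parameter name that
# boto3's IAM.Client.update_account_password_policy() accepts.
PASSWORD_POLICY = {
    "MinimumPasswordLength": 14,          # set a minimum password length
    "RequireUppercaseCharacters": True,   # require specific character types ...
    "RequireLowercaseCharacters": True,
    "RequireNumbers": True,
    "RequireSymbols": True,
    "AllowUsersToChangePassword": True,   # let users rotate their own password
    "MaxPasswordAge": 90,                 # password expiration, in days
    "PasswordReusePrevention": 24,        # remember the last N passwords
}


def password_violations(candidate, policy=PASSWORD_POLICY):
    """Return the names of the policy rules a candidate password fails (empty = OK)."""
    checks = [
        ("MinimumPasswordLength", len(candidate) >= policy["MinimumPasswordLength"]),
        ("RequireUppercaseCharacters", any(c.isupper() for c in candidate)),
        ("RequireLowercaseCharacters", any(c.islower() for c in candidate)),
        ("RequireNumbers", any(c.isdigit() for c in candidate)),
        ("RequireSymbols", any(c in string.punctuation for c in candidate)),
    ]
    # Only rules the policy actually enables can be violated.
    return [name for name, ok in checks if policy.get(name) and not ok]


def apply_password_policy(policy=PASSWORD_POLICY):
    """Push the policy to the account; needs boto3 and AWS credentials (not run here)."""
    import boto3  # imported lazily so the checker above works offline

    boto3.client("iam").update_account_password_policy(**policy)


if __name__ == "__main__":
    for pw in ("password", "Tr0ub4dor&3x!Long"):
        print(repr(pw), "->", password_violations(pw) or "meets policy")
```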
MFA stands for
Multi Factor Authentication
MFA is
a password you know combined with a security device you own; both are required to log in
What is the main benefit of MFA?
if a password is stolen or guessed, the account is still not compromised, because the attacker also needs the second factor
The 4 MFA device options in AWS
- Virtual MFA device (authenticator app)
- Universal 2nd Factor (U2F) Security Key
- Hardware Key Fob MFA Device
- Hardware Key Fob MFA Device for AWS GovCloud (US)
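Added example, not from the original deck: what a virtual MFA device actually computes. An authenticator app holds the base32 seed from the setup QR code and derives a 6-digit TOTP (RFC 6238: HMAC-SHA1 over the current 30-second time step), which is why AWS asks for two consecutive codes when you activate one. The seed below is the RFC 6238 reference seed, not a real AWS secret; the verifier function is a constructed illustration of the server side, tolerating one step of clock drift and comparing in constant time.

```python
import base64
import hashlib
import hmac
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password for a given counter value."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"   # keep leading zeros


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based OTP: HOTP with the counter = current 30 s time step."""
    return hotp(secret, int(at) // step, digits)


def secret_from_base32(seed: str) -> bytes:
    """Decode the base32 seed shown next to the MFA QR code (spaces/padding tolerated)."""
    seed = seed.replace(" ", "").upper()
    seed += "=" * (-len(seed) % 8)
    return base64.b32decode(seed)


def verify_totp(secret: bytes, code: str, at: float, window: int = 1, step: int = 30) -> bool:
    """Server-side check: accept the code for the current step or `window` steps either side.

    hmac.compare_digest avoids leaking how many leading digits matched via timing.
    """
    for drift in range(-window, window + 1):
        expected = totp(secret, at + drift * step, step)
        if hmac.compare_digest(expected, code):
            return True
    return False


if __name__ == "__main__":
    # RFC 6238 reference seed, as it would appear in the QR code: base32 of b"12345678901234567890"
    secret = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    now = time.time()
    code = totp(secret, now)
    print("current code:", code, "valid:", verify_totp(secret, code, now))
    print("same code 2 minutes later:", verify_totp(secret, code, now + 120))  # False
```

Because the code depends only on the shared seed and the clock, anyone who copies the seed (a screenshot of the QR code, a backup of the app) can generate valid codes forever; that is the trade-off that makes a U2F key or hardware fob, whose secret never leaves the device, the stronger option.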