Section - IAM Flashcards
1
Q
What is AWS IAM?
A
IAM is Identitiy Access management
- Centralized - Control of your AWS account
- Access - Shared access to your AWS account.
- Permissions - Granular permissions
- Identity Federation - Supports well known identity provider such as Active Directory, Facebook, Linkedin
- Universal - not restricted to a region
2
Q
What are the features of IAM?
A
- Multi-Factor Authentication - Provides increased account settings and resources
- Temporary Access - Provides temporary access for users/ devices and services as necessary
- Password Policies - Allows you to setup your own password rotation policy
- Integrated - Integrates with many different AWS services
- Compliance - Supports PCI DSS compliance (for any application associated with he payment card industry)
3
Q
What is IAM logic structure?
A
- Users - end users on aws
- Groups - Logical grouping of user
- Roles - You create roles and can then assign them to users, applications and services to give access to AWS resources.
-
Policy
- A document that defines one or more permissions
- An IAM policy can be attached to a User, Group or Role.
4
Q
IAM Policy Simulator?
A
- Test IAM permissions before you commit them to production
- Validate that the policy works as expected
- You can also test policies attached to existing users - great for troubleshooting
- https://policysim.aws.amazon.com
5
Q
Give example of a role which gives access to everything?
A
{
“Version”: “2012-10-17”,
“Statement” :
[
{
“Effect” : “Allow”,
“Action”: “*”,
“Resource”: “*”
}
]
}