Udemy Lecture 2 Flashcards
What's IAM? Is it a global or regional service?
Stands for Identity & Access Management (it's a global service, not regional)
In _____ you create your users & assign them to groups
IAM
_________ is created by default (after that, don't use it or share it)
Root account
_______ are people within your organization & can be grouped (1 user represents 1 person), and you can create groups out of those users (think of it like a teacher grouping you with your classmates for an assignment)
users
Groups only contain _____ not other groups
users
Some users don’t have to belong to a group & other users can belong to ________ groups
multiple
Users or groups can be assigned JSON documents called ________
IAM policies
The _______ define the permission of the user
policies
In AWS you apply the least ___________, which means you don't give more permissions than a user needs
privilege principle
The user gains the permission of the _______ its in
group
You create users because on your AWS account you just have the ________, so you create users (admin user) to allow you to use your account more safely
root user
You attach a policy at the __________ so that every user in the group gets the same root user policy
group level
If a user isn't in a group then you make an __________
inline policy
What is the structure of an IAM policy?
- Version (policy language version, which is almost always "2012-10-17")
- ID (an identifier for the policy (optional))
- Statements (one or more individual statements (required))
What do statements consist of?
- SID (an identifier for the statement (optional))
- Effect (whether the statement allows or denies access (say Allow if it allows & Deny if it denies))
- Principal (account/user/role to which the policy will be applied)
- Action (list of actions this policy allows or denies)
- Resources (list of resources to which the actions apply)
- Condition (conditions for when this policy is in effect (optional))
In the _______ form, a star (*) means anything (allowed to do anything, or everything), so if it's on the action it means any action & if it's on the resource it means any resource, which is another way of saying giving administrator access to anyone
JSON
If there is a word in front of the star, it means you get access to ___________
whatever starts with the word in front of the star (ex. Get* gives access to anything that starts with "Get")
Strong passwords = ______________ (can set one up in AWS)
higher security for your account
Can allow IAM users to change their own passwords or __________ after some time (password expiration) & can prevent password reuse so they can't use the same password twice
require users to change their passwords
Users have access to your account & can do things that you may not want them to do, so you want to protect your root account & IAM users with ______
MFA
_______ is just a password you know + a security device you own
MFA
So even if an ______ is forgotten you would need the physical device of the owner
MFA
What are the different types of MFA you can use?
- You can use a virtual MFA device (can use Google Authenticator)
- Also can use a universal 2nd factor (U2F) security key (ex. YubiKey); what it does is support multiple root and IAM users using a single security key
- Can also use a hardware key fob MFA device (ex. One by Gemalto)
- If you're involved with the government then you could have a hardware key fob MFA device for AWS GovCloud (One by Gemalto)
What are the 3 different ways to access AWS?
- AWS Management Console (protected by password + MFA)
- AWS Command Line Interface (CLI) (protected by access keys)
- AWS Software Development Kit (SDK) (for code; protected by access keys)