IAM Flashcards

Question 1

Q

What is an AWS Role?

Answer

A

A role is an identity you create that has specific permissions on AWS resources.
It is assumable by entities that need it.
Roles are temporary.

Question 2

Q

Who can assume a role?

Answer

A

Question 3

Q

What do you attach to a group to assign priviliges to that group?

Answer

A

A policy.

Question 4

Q

How are Roles and Users similar in IAM? How are they different?

Answer

A

Both are assigned policies to grant access to resources but where Roles are temporary and assumable, Users are permanent.

Question 5

Q

What is AWS STS

Answer

A

Security Token Service - Allows for creation of temporary users and access privileges

Question 6

Q

When you create a policy.. what can you assign it to?

Answer

A

Question 7

Q

Does it make sense to attach a Policy to an EC2 instance?

Answer

A

NO!!!! You attach policies to Roles, and attach Roles to Instances

Question 8

Q

What are these in IAM? What is an example of each?

Answer

A

A user is an individual who can log into AWS console or use the CLI using access keys. A User CAN be assigned access policies, though this is not the best practice.
A group is a collection of users with common access needs in AWS. You should add access policies to a group, then assign users to a group
A role is similar to a user, but a role can never log in. It is an identity assumable by anyone or anything that needs it, and it grants temporary AWS access.

Question 9

Q

What do each of these managed IAM policies grant?

Answer

A

AdministratorAccess - Grants full access to everything in AWS
PowerUserAccess - Developer access for application development and partial Organisation access. Grants everything but IAM access
SystemAdministratorAccess - No Organization level access

Question 10

Q

How can you create and grant temporary token-based access to AWS resources?

Answer

A

AWS STS (Stimple Token Service)

(10 cards)