AWS Cloud Practitioner Exam > IAM > Flashcards

IAM Flashcards

(16 cards)

Study These Flashcards
1
Q

What is IAM ?

A

IAM stands for Identity and Access Management. It is a service provided by AWS (Amazon Web Services) that helps you securely control access to AWS resources.
IAM enables you to manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.

IAM is crucial for managing secure access to AWS services and resources. It enables you to control who is authenticated (signed in) and authorized (has permissions) to use resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

IAM: What are Users & Groups ?

A

Users: These are persistent identities set up within your AWS account to represent the people or services who use your account.

Groups: These are collections of users that you can use to manage permissions for a collection of users, rather than having to manage permissions for each individual user.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are permissions ?

A

Permissions in the context of AWS IAM (Identity and Access Management) are the declarations of what actions are allowed or denied to a user, group, or role. Permissions are granted to AWS entities through IAM policies.

  • Users or Groups can be
    assigned JSON documents
    called policies
  • These policies define the
    permissions of the users
  • In AWS you apply the least
    privilege principle: don’t give
    more permissions than a user
    needs
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are policies ?

A

Policies: These are objects in AWS that, when associated with an identity or resource, define their permissions. AWS evaluates these policies when a principal entity (user or role) makes a request.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the IAM Policies Structure ?

A

–Consists of
Version: policy language version, always include “2012-10-17”
Id: an identifier for the policy (optional)
Statement: one or more individual statements (required)
–Statements consists of
Sid: an identifier for the statement (optional)
Effect: whether the statement allows or denies access
(Allow, Deny)
Principal: account/user/role to which this policy applied to
Action: list of actions this policy allows or denies Resource: list of resources to which the actions applied to
–Condition: conditions for when this policy is in effect
(optional)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the IAM – Password Policy ?

A
  • Strong passwords = higher security for your account
  • In AWS, you can setup a password policy:
    • Set a minimum password length
    • Require specific character types:
      including uppercase letters
      lowercase letters
      numbers
      non-alphanumeric characters
  • Allow all IAM users to change their own passwords
  • Require users to change their password after some time (password expiration)
  • Prevent password re-use
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the IAM – Password Policy ?

A
  • Strong passwords = higher security for your account
  • In AWS, you can setup a password policy:
    • Set a minimum password length
    • Require specific character types:
      including uppercase letters
      lowercase letters
      numbers
      non-alphanumeric characters
  • Allow all IAM users to change their own passwords
  • Require users to change their password after some time (password expiration)
  • Prevent password re-use
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Talk about Multi Factor Authentication - MFA

A

Users have access to your account and can possibly change
configurations or delete resources in your AWS account
* You want to protect your Root Accounts and IAM users
* MFA = password you know + security device you own

**Usrer password + MFA => succesful log in **

  • Main benefit of MFA:
    if a password is stolen or hacked, the account is not compromised
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are some MFA app and devices options in AWS ?

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How can users access AWS ?

A

To access AWS, you have three options:
* AWS Management Console (protected by password + MFA)
* AWS Command Line Interface (CLI): protected by access keys
* AWS Software Developer Kit (SDK) - for code: protected by access keys
* Access Keys are generated through the AWS Console
* Users manage their own access keys
* Access Keys are secret, just like a password. Don’t share them
* Access Key ID ~= username
* Secret Access Key ~= password

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What’s the AWS CLI?

A
  • A tool that enables you to interact with AWS services using commands in
    your command-line shell
  • Direct access to the public APIs of AWS services
  • You can develop scripts to manage your resources
  • It’s open-source https://github.com/aws/aws-cli
  • Alternative to using AWS Management Console
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What’s the AWS SDK?

A

AWS Software Development Kit (AWS SDK)
* Language-specific APIs (set of libraries)
* Enables you to access and manage AWS services
programmatically
* Embedded within your application
* Supports
* SDKs (JavaScript, Python, PHP, .NET, Ruby, Java, Go, Node.js,
C++)
* Mobile SDKs (Android, iOS, …)
* IoT Device SDKs (Embedded C, Arduino, …)
* Example: AWS CLI is built on AWS SDK for Python

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are Rolser and IAM Roles for Services ?

A

Roles: These are sets of permissions that grant access to actions and resources in AWS. Unlike users, roles do not have long-term credentials (password or access keys) associated with them. Instead, if a user or service assumes a role, temporary security credentials are created dynamically and provided to the user or service.

  • Some AWS service will need to
    perform actions on your behalf
  • To do so, we will assign
    permissions to AWS services
    with IAM Roles
  • Common roles:
    • EC2 Instance Roles
    • Lambda Function Roles
    • Roles for CloudFormation
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Some main IAM Security Tools ?

A
  • IAM Credentials Report (account-level)
    • a report that lists all your account’s users and the status of their various
      credentials
  • IAM Access Advisor (user-level)
    • Access advisor shows the service permissions granted to a user and when those
      services were last accessed.
    • You can use this information to revise your policies
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the IAM Guidelines & Best Practices ?

A
  • Don’t use the root account except for AWS account setup
  • One physical user = One AWS user
  • Assign users to groups and assign permissions to groups
  • Create a strong password policy
  • Use and enforce the use of Multi Factor Authentication (MFA)
  • Create and use Roles for giving permissions to AWS services
  • Use Access Keys for Programmatic Access (CLI / SDK)
  • Audit permissions of your account using IAM Credentials Report & IAM
    Access Advisor
  • Never share IAM users & Access Keys
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is the Shared Responsibility Model for IAM ?

AWS Cloud Practitioner Exam
flashcards
Decks in class (21)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions