iam

Question 1

What is AWS IAM?

Answer 1

IAM (Identity and Access Management) is a global AWS service that controls who can access AWS resources and what actions they can perform.

Question 2

Is IAM a regional or global service?

Answer 2

IAM is a global service.

Question 3

What is an IAM identity?

Answer 3

An IAM identity is an entity that can be authenticated by AWS and granted permissions to access AWS resources.

Question 4

What are the three IAM identities?

Answer 4

IAM User; IAM Role; Root User.

Question 5

Is an IAM group an IAM identity?

Answer 5

No. IAM groups cannot authenticate and are not IAM identities.

Question 6

Is a policy an IAM identity?

Answer 6

No. Policies only define permissions and cannot authenticate.

Question 7

What is an IAM user?

Answer 7

An IAM user represents a person or application with long-term credentials and assigned permissions.

Question 8

What credentials can an IAM user have?

Answer 8

Username and password for the AWS Console and access key and secret key for CLI or SDK.

Question 9

How does an IAM user get permissions?

Answer 9

Through policies attached directly or policies inherited from groups.

Question 10

What is an IAM role?

Answer 10

An IAM role is an identity that provides temporary credentials and must be assumed.

Question 11

Does an IAM role have long-term credentials?

Answer 11

No. IAM roles only use temporary security credentials.

Question 12

Who can assume an IAM role?

Answer 12

IAM users; AWS services like EC2 or Lambda; other AWS accounts; external identity providers.

Question 13

What is the most common use of IAM roles?

Answer 13

Granting permissions to AWS services such as EC2 accessing S3.

Question 14

What is the root user?

Answer 14

The root user is the original identity created with the AWS account and has unrestricted access.

Question 15

Can IAM policies restrict the root user?

Answer 15

No. The root user cannot be restricted by IAM policies.

Question 16

When should the root user be used?

Answer 16

Only for account-level tasks like closing the account or changing the support plan.

Question 17

What is an IAM policy?

Answer 17

A JSON document that defines permissions using Effect

Question 18

What are the three main types of IAM policies?

Answer 18

AWS managed policies; customer managed policies; inline policies.

Question 19

What is an AWS managed policy?

Answer 19

A policy created and maintained by AWS and automatically updated.

Question 20

What is a customer managed policy?

Answer 20

A custom policy created by the customer and reusable across multiple identities.

Question 21

What is an inline policy?

Answer 21

A policy directly attached to a single identity and not reusable.

Question 22

Are inline policies recommended?

Answer 22

No. Managed policies are preferred.

Question 23

How are permissions granted in AWS?

Answer 23

Permissions are granted only through policies.

Question 24

Are policies the only way to grant permissions in AWS?

Answer 24

Yes. All permissions in AWS are defined by policies.

Question 25

Do policies do anything by themselves?

Answer 25

No. Policies must be attached to an identity or resource to have an effect.

Question 26

What are identity-based policies?

Answer 26

Policies attached to users

Question 27

What are resource-based policies?

Answer 27

Policies attached directly to resources such as S3 bucket policies.

Question 28

What is a permission boundary?

Answer 28

A policy that limits the maximum permissions an identity can have.

Question 29

What is a Service Control Policy (SCP)?

Answer 29

A policy used in AWS Organizations to limit permissions across accounts.

Question 30

What rule always overrides all others in IAM?

Answer 30

An explicit Deny always wins.

Question 31

Authentication

Answer 31

- Who is this person? - Are they who they say they are?

Question 32

Authorization

Answer 32

- What can this user do? - What can this user access?