AWS Identity Access Management (IAM)
Terms in this set (20)
Identity Access Management
What is IAM?
Enables you to securely control access to AWS services and resources for your users. Create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources.
What are some basic features of IAM?
1. Grant unique security credentials to users and groups to specify which AWS service APIs and resources they can access.
2. Granularity to control a user's access to specific AWS services and resources using permissions.
3. Create roles and assign permissions to them, allowing authenticated users or EC2 instances to assume them.
4. Assign a range of security credentials, including passwords, key pairs, X.509 certificates, and multi-factor authentication (MFA); leverage external identity systems (federation).
5. Seamlessly integrated into AWS services.
What access to AWS resources do users have granted to them when they are created?
None. They have no access to anything.
What is Identity Federation?
Linking a person's electronic identity and attributes, stored across multiple distinct identity management systems (Single Sign-on). Federated users can be granted secure access to resources in your AWS account without having to create IAM users.
Where can Federated Users come from?
From a corporate identity provider (Microsoft Active Directory or the AWS Directory Service) or from a web identity provider, such as Amazon Cognito, Login with Amazon, Facebook, Google or any OpenID Connect (OIDC) compatible provider.
What is the process to authenticate with AD?
1. Navigate to the Active Directory Federation Service (ADFS) web server.
2. Enter single sign-on credentials.
3. The browser receives a SAML assertion from the AD server.
4. The browser posts the SAML assertion to the AWS SAML endpoint. The AssumeRoleWithSAML API request is used to request temporary security credentials.
5. The user is then able to access the AWS console.
True or False. Custom password rotation policies can be configured in IAM.
How does IAM work with regards to regions?
IAM is universal and shared across ALL regions.
True or False. You should NOT set up multi-factor authentication for the root account.
True or False. You can view access keys more than once.
False. A secret access key is accessible only at the time you create it. If a secret access key is lost, you must delete the access key for the associated user and create a new key.
What is the purpose of the root user account?
It is created the first time you sign into your AWS account. It has complete, unrestricted access to all resources in your AWS account, including billing information and the ability to change your password.
What is an IAM User account?
Create individual IAM users within your account that correspond to people or accounts within your organization. These are not separate accounts; they are users within your account. Each one has its own password and keys, but NO permissions when first created.
What permissions does the Power User policy give?
Allows access to all AWS services except management of users and groups within IAM.
What is an Access Key ID and what is it used for?
An access key ID and its secret access key are used together to authenticate with the AWS CLI, the AWS SDKs, or the APIs for individual AWS services.
What is an IAM Group?
An IAM group is a collection of IAM Users. Use groups to specify permissions for a collection of users.
What is an IAM Role?
An identity with permission policies that determine what the identity can and cannot do in AWS. It has no long-term credentials (no password or access keys) and is intended to be assumable by anyone who needs it (e.g., federated users or applications).
What is an IAM Policy?
A policy is a JSON document that explicitly lists permissions. It specifies Actions, Resources, and Effects.
What objects can an IAM Policy be attached to?
1. IAM user,
What is Security Access Markup Language (SAML)?
XML-based, open standard data format for exchanging authentication and authorization data between parties, particularly between an identity provider and a service provider.