IAM
Question | Answer |
---|---|
What is a Root Account? | The identity created with the AWS account, signed in with the account's e-mail address. It has full, unrestricted privileges that cannot be limited by an IAM policy. Use it only for initial set-up and the few tasks that require root, protect it with MFA, and create an IAM admin user (or role) for day-to-day control of account access and resources |
What is a User? | An IAM identity for a person or application that needs long-term access to the account. Best practice: one physical person = one IAM user, with no shared logins, so that every action is attributable to an individual |
What is a Group? | A collection of IAM users. Permissions are attached to the group and inherited by every member, so access is managed once per group instead of per individual. A user can belong to several groups, but groups cannot be nested and a group is not a principal (it cannot be named as the Principal in a policy or assume a role) |
What is a Role? | An IAM identity with permissions but no long-term credentials. A trusted principal (an AWS service such as EC2 or Lambda, an IAM user, or a federated identity) assumes the role and receives temporary credentials from STS. Use roles instead of placing access keys on instances or in code |
What are Permissions? | The allowed or denied API actions on specified resources, expressed in policy documents attached to users, groups and roles (identity-based) or to resources such as S3 buckets (resource-based). Everything is implicitly denied by default, and an explicit Deny always overrides an Allow |
Outline the IAM Policy Structure | Version - "2012-10-17" (the current version; required for condition keys and policy variables) ~ Id - optional policy identifier ~ Statement - one or more of: 1. Sid - optional statement ID 2. Effect - Allow or Deny 3. Principal - the account, user, role or service the statement applies to (used in resource-based and trust policies; identity-based policies omit it because the identity the policy is attached to is the principal) 4. Action - the API calls allowed or denied 5. Resource - the ARNs affected ~ 6. Condition - optional; when the statement is in effect (for example only with MFA present or from a given source IP) |
What is the Principle of Least Privilege? | Granting users, groups and roles only the MINIMUM permissions required to perform their duties: specific actions on specific resource ARNs rather than "*" wildcards, with conditions where they fit, and removing permissions that IAM Access Advisor shows are unused. This limits the damage from accidental or malicious misuse |
Give examples of IAM password policy settings | 1. Minimum length 2. Required character types (uppercase, lowercase, numbers, symbols) 3. Whether users may change their own password 4. Password expiration period 5. Prevention of password re-use (remember the last N passwords) 6. Whether an expired password requires an administrator reset. MFA is configured separately, per user; it is not a password policy setting |
What are the four ways AWS can be accessed? How are they protected? | 1. AWS Management Console - username, password and MFA 2. AWS CLI - access keys, or temporary credentials from a role or SSO 3. AWS SDK - access keys, or temporary credentials 4. AWS CloudShell - launched from the console, so it is protected by the console sign-in (username, password and MFA) and runs with the signed-in identity's permissions |
What is an Access Key? | A long-term credential pair for programmatic access (CLI, SDK), created in the management console or via the CLI. Access Key ID ~ username (public, starts with AKIA) Secret Access Key ~ password (shown only once, at creation). Treat it like a password: never commit it to source code, rotate it regularly, and prefer roles with temporary credentials wherever possible |
Describe the two IAM Security Tools | 1. IAM Credential Report - account-level - a downloadable CSV listing every user and the status of their credentials (password enabled and last used, MFA active, access keys active, last rotated and last used) 2. IAM Access Advisor (last accessed information) - per user, group or role - lists the services the identity's policies allow and when each was last accessed, so unused permissions can be removed |
Outline the eight IAM Best Practice recommendations | 1. Root account = set-up only, protected with MFA 2. One person = one user 3. Users -> Groups -> Permissions (attach policies to groups, not to individuals) 4. Strong password policy 5. Use MFA 6. Use roles for AWS services 7. Use access keys only for programmatic access that cannot use a role, and rotate them 8. Audit permissions with the IAM security tools (Credential Report, Access Advisor) |
What is MFA? | Multi-Factor Authentication: sign-in requires 1. something the user knows (the password) and 2. something the user has (a device). Supported devices: virtual MFA device (authenticator app generating time-based codes), hardware TOTP token (key fob), and FIDO security key (formerly Universal 2nd Factor, U2F). MFA can also be demanded for API calls through the aws:MultiFactorAuthPresent condition key |
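The policy structure and least privilege cards describe what a policy contains and how it should be scoped; the following added example (not part of the original flashcards) makes that concrete. It builds a constructed least-privilege policy, carrying every element from the structure card (Version, Sid, Effect, Action, Resource, Condition), beside the kind of unconditioned `"*"`/`"*"` grant the least privilege card warns against, and runs a small linter over both. The bucket name `example-reports` and the finding wording are assumptions made for the example.

```python
"""Lint an IAM policy document for least-privilege problems.

Added example, not from the original flashcards. Both sample policies are
constructed here; lint_policy() checks the structure the "IAM Policy
Structure" card describes and flags wildcard Allow statements.
"""
import json

# Constructed sample: read access to one bucket, only when MFA is present.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadReportsWithMfa",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-reports",      # hypothetical bucket
                "arn:aws:s3:::example-reports/*",
            ],
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        }
    ],
}

# Constructed sample of what NOT to attach: every action on every resource.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return a list of finding strings; an empty list means nothing was flagged."""
    findings = []
    if policy.get("Version") != "2012-10-17":
        findings.append("Version should be 2012-10-17 (needed for condition keys and policy variables)")
    statements = policy.get("Statement")
    if not statements:
        return findings + ["policy has no Statement"]
    if isinstance(statements, dict):  # IAM allows a single bare statement object
        statements = [statements]
    for idx, stmt in enumerate(statements):
        label = stmt.get("Sid", f"statement[{idx}]")
        effect = stmt.get("Effect")
        if effect not in ("Allow", "Deny"):
            findings.append(f"{label}: Effect must be Allow or Deny, got {effect!r}")
            continue
        if effect == "Deny":
            continue  # broad Denies narrow access; only broad Allows break least privilege
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "Sid" not in stmt:
            findings.append(f"{label}: missing Sid makes the statement hard to audit")
        if "*" in actions:
            findings.append(f"{label}: Action '*' grants every API call")
        elif any(a.endswith(":*") for a in actions):
            findings.append(f"{label}: service-wide wildcard action in {actions}")
        if "*" in resources:
            findings.append(f"{label}: Resource '*' applies to every resource")
        if "Condition" not in stmt and ("*" in actions or "*" in resources):
            findings.append(f"{label}: unconditioned wildcard grant (consider an MFA or source-IP Condition)")
    return findings


def is_least_privilege(policy):
    """True when the linter raises no findings."""
    return not lint_policy(policy)


if __name__ == "__main__":
    for name, pol in (("least-privilege", LEAST_PRIVILEGE_POLICY), ("over-broad", OVERBROAD_POLICY)):
        print(f"== {name} ==")
        print(json.dumps(pol, indent=2))
        for finding in lint_policy(pol) or ["no findings"]:
            print(" -", finding)
```

The linter deliberately skips Deny statements: a wildcard Deny only removes access, so it cannot widen the blast radius the least privilege card is about. Real policy review also needs the resource ARNs checked against what the identity actually touches, which Access Advisor data supplies.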
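The security tools and best practice cards say to audit credentials with the IAM Credential Report, but not what to look for in it. This added example (not part of the original flashcards) parses a constructed report in the CSV layout that `aws iam get-credential-report` returns (the real file is base64-encoded in the `Content` field and has more columns; only the columns the checks use are kept here) and applies the checks the cards imply: root with active access keys or no MFA, console users without MFA, access keys older than a rotation limit, and active keys that have never been used. All user names, account ID and dates are made up, and the 90-day limit is an assumed policy value.

```python
"""Audit a constructed IAM credential report for risky credentials.

Added example, not part of the original flashcards. SAMPLE_REPORT mimics the
column names of the real credential report CSV, trimmed to the columns the
checks use; users, account ID and dates are constructed. On a real account:
  aws iam generate-credential-report
  aws iam get-credential-report --query Content --output text | base64 -d
"""
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE_DAYS = 90  # assumed rotation policy
# Fixed "now" so the constructed dates give stable results.
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)

SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2021-01-10T09:00:00+00:00,not_supported,2024-02-20T08:12:00+00:00,false,true,2021-01-10T09:05:00+00:00,2023-11-01T07:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,2022-05-01T12:00:00+00:00,true,2024-02-28T10:00:00+00:00,true,true,2024-01-15T00:00:00+00:00,2024-02-27T00:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,2022-05-01T12:00:00+00:00,true,2024-02-27T09:00:00+00:00,false,false,N/A,N/A,false,N/A,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2021-06-01T12:00:00+00:00,false,no_information,false,true,2023-09-01T00:00:00+00:00,2024-02-29T00:00:00+00:00,true,2022-02-01T00:00:00+00:00,N/A
"""


def _parse_date(value):
    """Return an aware datetime, or None for the report's N/A-style placeholders."""
    if not value or value in ("N/A", "no_information", "not_supported"):
        return None
    return datetime.fromisoformat(value)


def audit_report(report_csv, now=NOW, max_key_age_days=MAX_KEY_AGE_DAYS):
    """Return a list of (user, finding) tuples for the credential report text."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"  # literal value the real report uses
        mfa = row["mfa_active"] == "true"
        if is_root and not mfa:
            findings.append((user, "root account has no MFA"))
        if row["password_enabled"] == "true" and not mfa:
            findings.append((user, "console password enabled without MFA"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            if is_root:
                findings.append((user, f"root account has active access key {n}"))
            rotated = _parse_date(row[f"access_key_{n}_last_rotated"])
            if rotated and now - rotated > timedelta(days=max_key_age_days):
                age = (now - rotated).days
                findings.append((user, f"access key {n} is {age} days old (limit {max_key_age_days})"))
            if _parse_date(row[f"access_key_{n}_last_used_date"]) is None:
                findings.append((user, f"access key {n} is active but has never been used"))
    return findings


def users_with_findings(findings):
    """Distinct users that raised at least one finding, sorted for stable output."""
    return sorted({user for user, _ in findings})


if __name__ == "__main__":
    for user, finding in audit_report(SAMPLE_REPORT):
        print(f"{user:15} {finding}")
```

In the constructed data `alice` passes every check (MFA on, key rotated recently and in use), `bob` has a console password with no MFA, `ci-deploy` holds a never-used second key and two keys past the rotation limit, and the root account is the worst offender with no MFA and a long-term access key, which the best practice card says it should never have.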