Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
IAM
| Question | Answer |
|---|---|
| What is a Root Account? | Used for initial set up of AWS account Full admin privileges Best to use this account only to create an admin user who can then control account access and resources |
| What is a User? | In best practise, one physical user = one AWS user Individual log in capability for personnel requiring access to AWS account |
| What is a Group? | Individual users can be assigned to one or more groups depending on their access requirements, with access permissions then applied at group level instead of to each individual |
| What is a Role? | AWS resources can assume roles that give them permission to perform certain actions |
| What are Permissions? | Permissions are how the activities of users, groups and AWS resources are regulated and controlled |
| Outline the IAM Policy Structure | Version - 2012-10-17 ~ Id - ID Statement: ~ 1. Sid - Statement ID 2. Effect - Allow/Deny 3. Principal - Account/Users/Roles affected 4. Action - API calls allowed/denied 5. Resource - Resources affected ~ 6. Condition - When policy in effect |
| What is the Principle of Least Privilege? | Only giving users/groups/roles the MINIMUM permissions required to perform duties, to limit the capability for accidental or malicious harm |
| Give examples of possible IAM password requirements? | 1. Minimum length 2. Specific character types (uppercase, lowercase, numbers, symbols) 3. User password changes enabled/disabled 4. Regularity of password changes 5. MFA 6. Prevention of password re-use |
| What are the four ways AWS can be accessed? How are they protected? | 1. AWS Console Protected by user/pw/MFA 2. AWS CLI Protected by access keys 3. AWS SDK Protected by access keys 4. AWS CloudShell Protected by user/pw/MFA |
| What is an Access Key? | Created via management console Used to secure programmatic access to AWS services Access Key ~ Username Secret Access Key ~ Password |
| Describe the two IAM Security Tools | 1. IAM Credential Report - Account-Level - Lists all of an account's users and the status of their credentials 2. IAM Access Advisor - User-Level - Lists the service permissions granted to a user and when those services were last accessed |
| Outline some of the eight IAM Best Practise recommendations | 1. Root account = set-up only 2. One person = one user 3. Users -> Groups -> Permissions 4. Strong PW policy 5. Use MFA 6. Use roles for AWS services 7. Use Access Keys for programmatic access 8. Audit permissions with IAM Security Tools |
| What is MFA? | Multi-Factor Authentication 1. A password the user knows 2. A device the user owns Devices - Virtual MFA device (app) - Hardware Key Fob - Universal 2nd Factory Security Key (U2F) |
Created by:
katejimh
Popular Computers sets