Table of Contents
- 1 Which of the following is an IAM best practices?
- 2 What is a unique advantage of AWS IAM roles?
- 3 Which principle should you apply regarding IAM permissions?
- 4 What should I look for when reviewing an AWS KMS condition key?
- 5 What is IAM and why do you need it?
- 6 Can I assign an IAM role to an Amazon EKS node?
Which of the following is an IAM best practices?
IAM Best Practices Overview
- Enable multi-factor authentication (MFA) for privileged users.
- Use Policy Conditions for Extra Security.
- Remove Unnecessary Credentials.
- Use AWS-Defined Policies to Assign Permissions Whenever Possible.
- Use Groups to Assign Permissions to IAM Users.
What is a unique advantage of AWS IAM roles?
Using IAM policies, you grant access to specific AWS service APIs and resources. You also can define specific conditions in which access is granted, such as granting access to identities from a specific AWS organization or access through a specific AWS service.
What are three components of an IAM policy?
Policy types
- Identity-based policies – Attach managed and inline policies to IAM identities (users, groups to which users belong, or roles).
- Resource-based policies – Attach inline policies to resources.
- Permissions boundaries – Use a managed policy as the permissions boundary for an IAM entity (user or role).
Which principle should you apply regarding IAM permissions?
Grant least privilege. When you create IAM policies, follow the standard security advice of granting least privilege, or granting only the permissions required to perform a task. Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks.
What should I look for when reviewing an AWS KMS condition key?
If your policy includes a condition with a key–value pair, review it carefully. Examples include the aws:RequestTag/tag-key global condition key, the AWS KMS kms:EncryptionContext:encryption_context_key , and the ResourceTag/tag-key condition key supported by multiple services. Make sure that the key name does not match multiple results.
How do I verify that I have the correct AWS credentials?
Verify that you have the correct credentials and that you are using the correct method to sign in. For more information, see Troubleshooting AWS sign-in or account issues . The access key identifier. This is not a secret, and can be seen in the IAM console wherever access keys are listed, such as on the user summary page. The secret access key.
What is IAM and why do you need it?
Oftentimes, systems administrators use IAM software to not only protect sensitive data but also to block certain websites from office computers, limit access to external applications, and so on.
Can I assign an IAM role to an Amazon EKS node?
Even if you assign an IAM role to a Kubernetes service account, the pod still also has the permissions assigned to the Amazon EKS node IAM role, unless you block pod access to the IMDS. For more information, see Restricting access to the IMDS and Amazon EC2 instance profile credentials .