AWS IAM Interview Questions
1. What is AWS IAM?
Answer: AWS IAM stands for Amazon Web Services Identity and Access Management.
It is the service that handles access and permission control within an organisation's AWS account.
IAM controls who can use AWS resources and under what conditions they can be used; these two concerns are known as authentication and authorisation.
2. Are IAM users and root users the same?
Answer: No. An IAM user is a subset of the root user. The root user is also referred to as the master user.
3. How is authentication controlled in the IAM service?
Answer: IAM manages IAM users and federated users.
You can control their access keys, passwords, and multi-factor authentication.
4. In the IAM service, can we monitor the IAM user activity?
Answer: Yes, you can monitor the activities of IAM users. If you find a violation, you can remove that IAM user's access.
5. What is Authorisation in terms of the AWS IAM service?
Answer: Authorisation is granting permission to use specific AWS resources, not all of them.
6. What is federated user access management?
Answer: A federated user is a user who is allowed to access AWS resources using credentials from a third-party identity provider, such as Google, Facebook, LinkedIn, or a corporate directory.
7. What’s the other name of the IAM user?
Answer: An IAM user can also be referred to as an IAM entity.
8. How to control Authorisation in AWS IAM?
Answer: You can control Authorisation by creating policies.
9. What are the 5 top security credentials in AWS IAM?
Answer: Key pair
Email address and password
User ID and password
Access Keys
Multi-factor authentication
10. What is CloudTrail in AWS?
Answer: CloudTrail is a service that records the activity of each IAM entity so that the logs can be used for auditing and compliance purposes.
These logs answer the what, where, when, who and which of each request:
What was the request about?
Where was the request made from and made to?
When was the request made?
Who made the request?
Which resources were acted upon in response to the request?
11. What are AWS IAM roles?
Answer: Group – a set of people who share the same kind of access
User – a specific IAM entity
12. What are Temporary Security Credentials?
Answer: These are short-lived security credentials. These can be created using the AWS STS service (AWS Security Token Service).
13. What is the IAM Hierarchy of Privileges?
Answer: IAM user
Root user
User with temporary credentials
14. What are the top AWS IAM Roles?
Answer: AWS IAM distinguishes two types. An IAM user has a permanent identity; a federated user does not have an identity in IAM.
15. What are the features of AWS IAM?
Answer: AWS IAM has many features; a few of them are:
Identity federation
Secure Access to AWS resources for applications that run on Amazon EC2
Granular permissions
Multi-factor authentication (MFA)
Integrated with many AWS services
Free to use
16. In what ways can AWS IAM be used?
Answer: You can work with AWS IAM in various ways, such as:
AWS SDKs
AWS Management Console
IAM HTTPS API
AWS Command Line Tools
17. What are the terms of AWS IAM?
Answer: The IAM terms include IAM Entities, IAM Resources, and IAM Identities.
18. What is ‘Principal’ in IAM?
Answer: A principal is an application or person who can request an operation or action on an AWS resource.
19. What is ABAC for AWS?
Answer: Attribute-based access control (ABAC) is an authorisation strategy that defines permissions based on attributes. In AWS, these attributes are referred to as tags.
20. What are the security features outside IAM?
Answer: Some of the security features outside IAM include Amazon EC2, Amazon RDS, Amazon WorkSpaces, and Amazon WorkDocs.
21. Do I need to sign up for IAM?
Answer: There is no separate sign-up for IAM. You only need an AWS account, so create one first if you do not already have one. There is no charge for using IAM.
22. Why would one use the feature of giving Access to users using an AWS account?
Answer: If you want to add users to your AWS account who need to use IAM features or have access to specific resources, you use the feature of granting access to users of your AWS account.
23. How can one set up AWS IAM?
Answer: AWS Identity and Access Management (IAM) enables you to securely manage access to Amazon Web Services (AWS) and your account's resources. IAM also keeps your account credentials private.
24. Can one access all the features of AWS with only one account?
Answer: A user gets only the features that have been granted to them, and authorisation controls those permissions. In some cases you can also enable access to resources across AWS accounts.
25. What are some of the things you can do using IAM?
Answer: Some of the things you can do with AWS IAM are:
Manage passwords for IAM users
List the users in your AWS account and get information about their credentials
Manage permissions for IAM users
Add multi-factor authentication (MFA)
Tag IAM resources
View the actions, resources, and condition keys for all services
26. What is the difference between IAM roles and IAM users?
Answer: IAM users typically hold long-term credentials linked to individuals or applications. Roles, on the other hand, serve to assign access and don’t hold permanent credentials; instead, they provide temporary credentials that individuals, services, or programs may assume for temporary tasks or projects.
27. What is a policy in IAM?
Answer: A policy is a JSON document that defines permissions. IAM policies let you decide who may use AWS services and resources; a policy can be attached to an identity (a user, group, or role) or to a resource, such as an S3 bucket.
28. What are the types of IAM policies?
Answer: Managed policies (both customer-managed and AWS-managed)
Inline policies
Permissions boundaries
Session policies
Service control policies (SCPs), which are specific to AWS Organizations
29. What is the maximum number of IAM users per AWS account?
Answer: An AWS account allows up to 5,000 IAM users by default; you may extend this limit by reaching out to AWS support.
30. What is the IAM policy simulator?
Answer: AWS provides the IAM policy simulator, a tool that lets you test and debug IAM policies to determine whether specific operations on AWS resources are allowed or denied.
31. What are permissions boundaries in IAM?
Answer: AWS provides the IAM Policy Simulator so you can test and debug IAM policies and assess which actions on AWS resources are allowed or denied.
32. What are the differences between AWS STS and IAM?
Answer: IAM manages long-lived identities such as users and roles.
STS (Security Token Service) issues temporary credentials for federated users, applications, or IAM roles that sign in with temporary credentials.
STS is commonly used to provide temporarily elevated access or cross-account access.
33. Can IAM roles be assumed across accounts?
Answer: Yes. By establishing a trust relationship with a resource-based (trust) policy and calling STS AssumeRole, an IAM role can be assumed across AWS accounts.
34. What is a trust policy?
Answer: An IAM role includes a trust policy, which determines which principal can assume that role for cross-account access or use of AWS services.
35. What is the maximum size of an IAM policy?
Answer: An IAM policy document, whether an inline policy or a managed policy, is typically limited to 6,144 characters.
36. Explain how to enable cross-account access using IAM.
Answer: Create a trust policy on the role in the target account that allows the source account to assume it.
Attach the required permissions policies to that role.
From the other account, call sts:AssumeRole to obtain credentials for the role and access the resources.
37. What is IAM Access Analyzer?
Answer: IAM Access Analyzer makes it much simpler to find resources in your organisation that are shared with external parties (such as other accounts, services, or the public). It detects unintended access so you can pinpoint and remove it.
38. What is the use of tags in IAM?
Answer: Tags are key-value pairs that can be attached to IAM users, roles, and groups. They drive ABAC policies dynamically and also help organise resources and allocate costs.
39. Can an IAM policy deny access explicitly?
Answer: Yes. A statement with Effect "Deny" explicitly denies access, and an explicit Deny always overrides any Allow.
40. Scenario-Based: How would you allow a third-party app to upload files to a specific S3 bucket without giving full access to your account?
Answer: Create an IAM role whose permissions are restricted to the required S3 actions on that specific bucket.
Attach a trust policy that allows the third-party application's account to assume the role.
Have the app obtain temporary credentials for the role through AWS STS and use those to upload.
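As an added example for the cross-account steps in questions 36 and 40 (this is constructed illustration code, not part of the original page or any AWS project), the function below builds the trust policy and the upload-only permissions policy for such a role, and a small review function flags the patterns that would break least privilege. The bucket name, the partner account id 123456789012 and the ExternalId are placeholder values.

```python
import json

def third_party_upload_role(bucket, partner_account, external_id):
    """Return (trust_policy, permissions_policy) for a role that a partner
    account may assume only to upload objects into `bucket`."""
    trust_policy = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{partner_account}:root"},
        "Action": "sts:AssumeRole",
        # The partner must present the agreed ExternalId when assuming the role,
        # which stops an unrelated customer of theirs from reusing the trust.
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    }]}
    permissions_policy = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "s3:PutObject",  # upload only: no read, list or delete
        "Resource": f"arn:aws:s3:::{bucket}/*",
    }]}
    return trust_policy, permissions_policy

def review(trust_policy, permissions_policy):
    """Flag patterns that break least privilege before the role is created."""
    findings = []
    for stmt in trust_policy["Statement"]:
        if stmt.get("Principal") in ("*", {"AWS": "*"}):
            findings.append("trust policy lets any AWS principal assume the role")
        if "sts:ExternalId" not in json.dumps(stmt.get("Condition", {})):
            findings.append("trust statement has no sts:ExternalId condition")
    for stmt in permissions_policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"wildcard action(s) granted: {actions}")
        if "*" in resources:
            findings.append("permissions apply to every resource")
    return findings

# Constructed inputs; 123456789012 is a placeholder account id, not a real one.
if __name__ == "__main__":
    trust, perms = third_party_upload_role("example-uploads", "123456789012", "example-external-id")
    print(json.dumps(trust, indent=2))
    print(review(trust, perms))
```

The two documents are what you would pass to the role's trust relationship and its permissions policy; an empty review result means neither document grants a wildcard principal, action or resource.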
41. What is the difference between identity-based and resource-based policies?
Answer: IAM identities, such as users, groups, and roles, are linked with identity-based policies.
Resource-based policies are attached to AWS resources such as S3 buckets and Lambda functions and dictate who may access them.
42. What is least privilege access in IAM?
Answer: Least privilege refers to providing only those privileges necessary for someone or a service to fulfil its responsibilities effectively and efficiently.
43. What happens when a policy has both Allow and Deny statements?
Answer: An explicit Deny always takes precedence over any Allow for that action.
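As an added example (constructed for this page, not code from the original or from AWS), the evaluator below models the decision logic behind questions 19, 27, 39 and 43: an explicit Deny beats every Allow, a request with no matching Allow is implicitly denied, and an ABAC condition compares the caller's tag with the resource's tag. The sample policy, bucket name and tag values are all constructed; only StringEquals conditions are modelled.

```python
import fnmatch

# Constructed sample policy (not from the page): object access is allowed only
# when the caller's "team" tag equals the object's tag (ABAC), and deletion is
# explicitly denied regardless of tags.
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:ResourceTag/team": "${aws:PrincipalTag/team}"}}},
    {"Effect": "Deny", "Action": "s3:DeleteObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
]}

def _as_list(value):
    """IAM accepts either a single string or a list in these fields."""
    return value if isinstance(value, list) else [value]

def _glob(patterns, value, fold_case=False):
    """IAM wildcards ('*' any run, '?' one char); actions are case-insensitive."""
    patterns = _as_list(patterns)
    if fold_case:
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def _condition_holds(condition, ctx):
    """Only StringEquals is modelled; '${key}' is a policy variable taken from
    the request context, and a key absent from the context never matches."""
    missing = object()
    for key, expected in condition.get("StringEquals", {}).items():
        wanted = [ctx.get(v[2:-1], missing) if v.startswith("${") else v
                  for v in _as_list(expected)]
        if ctx.get(key, missing) is missing or ctx[key] not in wanted:
            return False
    return True

def evaluate(policies, action, resource, ctx=None):
    """Simplified IAM decision: an explicit Deny beats every Allow, and with no
    matching Allow the request is implicitly denied."""
    ctx, allowed = ctx or {}, False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not (_glob(stmt["Action"], action, fold_case=True)
                    and _glob(stmt["Resource"], resource)
                    and _condition_holds(stmt.get("Condition", {}), ctx)):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny: nothing can override it
            allowed = True
    return "Allow" if allowed else "Deny"  # implicit deny when nothing allowed
```

Call evaluate([IDENTITY_POLICY], "s3:DeleteObject", "arn:aws:s3:::example-bucket/x", {...}) with matching tags to see the Deny statement win even though the Allow statement also matches.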
44. How can you monitor IAM policy changes?
Answer: Use AWS CloudTrail to monitor changes to IAM policies and activities, while Amazon EventBridge rules can notify of IAM activities.
45. What are some best practices for IAM?
Answer: Enable multi-factor authentication for every user; use roles rather than the root user; rotate access keys regularly; run IAM Access Analyzer before delegating administration duties to other individuals; and apply permission restrictions where appropriate when administration is delegated.

Navya Chandrika
Author