Warsames blog

Iam Review

2024-06-13

IAM Review Identity Access Management service enables users and organizations to distinguish who has access to certain resources. IAM ensures identification, authentication through biometric features and MFA and authorization based on certain criteria through roles inorder to seamlessly provide a safe and secure environment. IAM offers governance and compliance through following strict guidelines. We use IAM access advisor and IAM credentials report to audit and see the status of various credentials such as access keys and mfa activity. IAM is efficient in how they have Iam solutions to streamline the process of granting and revoking access. Especially important in bigger enterprises where employees come and go at a rapid rate. Iam has a seamless login and logout process. You can create MFA for your IAM user, you can create a password for your IAM user, it comes with credentials so that you can use it to access your account and run AWS commands in your account in the CLI.

Practice Questions: Here are some practice IAM questions to help prepare for the AWS Certified Developer Associate exam:

  1. How can you grant an AWS Lambda function access to an Amazon S3 bucket?[1][3] A) Create an IAM user with the required permissions and store the access keys in the Lambda environment variables B) Create an IAM role with a policy granting the required permissions and assign it to the Lambda function C) Create an IAM group with the required permissions and add the Lambda function’s ARN to the group D) Create an IAM user with the required permissions and pass the access keys to the Lambda function via the event data
  2. You need to provide access for an on-premises application to upload files to an S3 bucket. What is the most secure way to accomplish this?[1][3] A) Create an IAM user with programmatic access and embed the access keys in the application code B) Use AWS Security Token Service to generate temporary security credentials C) Create an IAM role with a policy granting the required permissions and use cross-account access D) Create an IAM user with programmatic access and store the access keys in a secure storage system
  3. You are building a serverless application using AWS Lambda and want to ensure least privilege access. Which IAM feature should you use?[1][4] A) IAM Roles B) IAM Groups  C) IAM Policies D) IAM Users
  4. How can you allow an EC2 instance to access an Amazon DynamoDB table?[1][3] A) Create an IAM role with the required permissions and assign it to the EC2 instance B) Create an IAM user with the required permissions and store the access keys on the EC2 instance C) Create an IAM group with the required permissions and add the EC2 instance’s ARN to the group D) Create a VPC endpoint for DynamoDB and configure a security group to allow access The correct answers with explanations:
  5. B) Create an IAM role with a policy granting the required permissions and assign it to the Lambda function[1][3]
  6. B) Use AWS Security Token Service to generate temporary security credentials[1][3] 
  7. A) IAM Roles[1][4]
  8. A) Create an IAM role with the required permissions and assign it to the EC2 instance[1][3] IAM roles are the recommended way to grant permissions to AWS resources like Lambda functions and EC2 instances. Embedding access keys in code or storing them on instances is insecure. IAM policies define permissions, while roles and users/groups are assigned those policies. For least privilege access in serverless, use IAM roles. How can you grant an AWS Lambda function access to an Amazon S3 bucket? A) Create an IAM user with the required permissions and store the access keys in the Lambda environment variables B) Create an IAM role with a policy granting the required permissions and assign it to the Lambda function C) Create an IAM group with the required permissions and add the Lambda function’s ARN to the group D) Create an IAM user with the required permissions and pass the access keys to the Lambda function via the event data You need to provide access for an on-premises application to upload files to an S3 bucket. What is the most secure way to accomplish this? A) Create an IAM user with programmatic access and embed the access keys in the application code B) Use AWS Security Token Service to generate temporary security credentials C) Create an IAM role with a policy granting the required permissions and use cross-account access D) Create an IAM user with programmatic access and store the access keys in a secure storage system You are building a serverless application using AWS Lambda and want to ensure least privilege access. Which IAM feature should you use? A) IAM Roles B) IAM Groups C) IAM Policies D) IAM Users How can you allow an EC2 instance to access an Amazon DynamoDB table? A) Create an IAM role with the required permissions and assign it to the EC2 instance B) Create an IAM user with the required permissions and store the access keys on the EC2 instance C) Create an IAM group with the required permissions and add the EC2 instance’s ARN to the group D) Create a VPC endpoint for DynamoDB and configure a security group to allow access

The correct answers with explanations: B) Create an IAM role with a policy granting the required permissions and assign it to the Lambda function B) Use AWS Security Token Service to generate temporary security credentials A) IAM Roles A) Create an IAM role with the required permissions and assign it to the EC2 instance

© 2018 - 2024 by Lednerb
Bilberry Hugo Theme