- What’s AWS IAM? …
- Are root users and IAM users the same? …
- In the IAM service, can we monitor the IAM user activity? …
- How authentication is controlled in the IAM service? …
- What is federated user access management? …
- What is Authorization in terms of AWS IAM service?
AWS IAM Interview Questions | Cloud Architect
What are the key capabilities provided by AWS IAM?
AWS Identity And Access Management (IAM) provides the following key capabilities.
1. Access control to AWS resources – IAM enables fine-grained access control to AWS resources and APIs. IAM enables access control by specific conditions like – by time of day, by originating IP address, by SSL, by MFA etc.
2. Multi-factor authentication (MFA) – IAM provides the capability for MFA, which augments the basic authentication with MFA token/device based authentication.
3. Federated access – IAM provides the capability to grant access for AWS resources to existing employees of a company, using the companies existing identity system.
4. Analytics – IAM provides reporting capabilities to analyze the access provided across AWS resources and services.
11. Define MFA Support for IAM
Multifactor Authentication for IAM is the extra layer of security that ensures all accesses are secured.
It prompts users to enter their username and password before asking them to enter a generated code.
The code is provided on the MFA device associated with the AWS account. We can buy a hardware device to install a free virtual app for MFA to ensure secure login to our accounts with no additional cost.
14. Explain Access Keys for IAM Users
We can create access keys for AWS account root users or IAM users. The access keys are long-term credentials used for AWS CLI or AWS API programmatic requests. There are two parts that make up an access key—Access Key ID and Secret Access Key.
The access key ID and the secret access key work together—an absence of one of them will result in failure for an IAM user. They work together as username and password to authenticate the login.
Despite the double factor of access keys, Amazon encourages the use of IAM roles over access keys. The roles are confidential and only accessible privately by the IAM user or the account root user.
The users can easily view, create, and modify the access keys. Therefore, Amazon permits the use of two access keys simultaneously.
AWS IAM Interview Questions and Answers
IAM is an AWS service that allows users to create accounts and groups. It’s abbreviated for Identity and Access Management and used globally with no additional cost associated with it. Users can manage their access to the Amazon Web Services and its resources using IAM.
15. How Would You Set a User Password for IAM?
We can use an IAM console, IAM API, or AWS CLI to set the initial password for an IAM user. Once the initial process is completed, the passwords are never used in cleartext.
They also never appear or return through an API call. As IAM users, we can manage our passwords through the My Password page in the console.