6_Managing Access Permissions at Scale with IAM

Flashcards on AWS IAM management strategies like IAM groups, RBAC, and ABAC.

What is the main challenge of managing individual access permissions at scale?

Managing individual permissions becomes increasingly difficult to maintain as things change, leading to increased effort and potential errors.

How do IAM groups simplify permission management?

IAM groups allow you to attach permissions to multiple users at once, simplifying permission management.

Can you sign in with an IAM group?

IAM groups do not have security credentials and cannot be used to sign in.

Can IAM groups be nested?

Users can belong to more than one group, but groups cannot be nested.

What happens when a user has a policy that is more restrictive than their group policy?

Permissions directly attached to a user override group permissions if the user policy is more restrictive.

What is Role-Based Access Control (RBAC)?

Role-Based Access Control (RBAC) involves creating IAM policies for job roles and putting users into groups based on their job functions.

What is a disadvantage of RBAC?

Each new resource added to multiple roles requires updating each of the policies that need access.

What is Attribute-Based Access Control (ABAC)?

Attribute-Based Access Control (ABAC) defines permissions based on attributes (key-value pairs).

What are attributes called in AWS?

Tags

Where can tags be applied and for what purposes?

Tags can apply to IAM users/roles and AWS resources, and can be used for access control, billing, and filtering views.

What are the steps to apply ABAC to your organization?

Create IAM users/roles and assign attributes, require attributes for all new resources, and configure access permissions based on those attributes.