Understand IAM

Last updated 3:29 PM on 6/2/26

12 Terms

1

AAA Security Model

A foundational security framework standing for Authentication, Authorization, and Accounting/Auditing. Authentication confirms identity, Authorization defines what is permitted, and Accounting tracks what actions were performed.

2

AWS Root Account

The original account created when an AWS account is first established. Holds unrestricted access to all services and billing, and should be secured immediately and avoided for day-to-day use.

3

Principle of Least Privilege

A security best practice where users and services are granted only the minimum permissions required to perform their specific job function, and nothing more.

4

IAM User

An identity created within AWS IAM that represents a person or service needing access to AWS resources. By default, a newly created IAM user has zero permissions to view or interact with any service.

5

IAM User Group

A collection of IAM users that share the same permissions. Permissions assigned to a group automatically cascade down to all users within it, simplifying permission management at scale.

6

Console Access vs Programmatic Access

Two distinct access types for IAM users. Console access allows login to the AWS web interface. Programmatic access allows interaction with AWS via the CLI or SDK without ever logging into the console.

7

Service Account

An IAM user created for an AWS resource such as an EC2 instance rather than a human. Used to grant a resource programmatic access to interact with other AWS services without requiring console login.

8

AWS Account ID

A unique 12-digit identifier assigned to every AWS account. Required as the first prompt on the IAM user sign-in page to distinguish between identically named users across different AWS accounts.

9

IAM Sign-In URL

A unique URL automatically generated for each AWS account that pre-populates the 12-digit account ID on the login page. Can be customized to a human-readable alias to simplify user login.

10

AWS Account Alias

A custom, human-readable name that replaces the 12-digit account ID in the IAM sign-in URL. Configured by users with the appropriate permissions to make the login URL easier to remember and distribute.

11

MFA on Root Account

A critical first step after creating an AWS account, where multi-factor authentication is added to the root user to protect against unauthorized access to the account's highest-privilege identity.

12

ARN (Amazon Resource Name)

A unique identifier assigned to AWS resources and identities including IAM users, roles, and MFA devices. Used throughout AWS to reference specific resources in policies and configurations.