Flashcards about AWS Identity and Access Management (IAM) policies.
What is the purpose of IAM policies?
Policies define permissions and are used to authorize access to AWS resources.
What does it mean for an IAM policy to be identity-based?
Attached to a user, group, or role, they indicate what the identity is allowed to do.
What does it mean for an IAM policy to be resource-based?
Attached to an AWS resource (e.g., S3 bucket), they define who can access the resource.
How are IAM policies formatted?
JSON documents that define permissions that are allowed or denied.
In IAM policy evaluation, what overrides an explicit allow?
Explicit deny
In IAM policy evaluation, what happens if there isn't an explicit deny and there is an explicit allow?
The permission is granted.
If there is no explicit allow in IAM policy evaluation, what happens to the request?
The request is denied by default.
If two IAM policies contradict each other, which policy is applied?
The most restrictive policy is applied.
If Bob has an identity-based policy allowing get, put, and list on S3 bucket X, but the bucket's resource-based policy only allows get and list, what can Bob do?
Bob cannot put objects into bucket X.
In IAM, what are the two possible states for permissions and policies?
Either allowed or denied.
What is the default behavior for requests in IAM if there is no explicit allow?
All requests are denied.
Which takes precedence in IAM: an explicit allow or an explicit deny?
An explicit deny overrides any explicit allow.