Top AWS Identity and Access Management Interview Questions (2024) | CodeUsingJava

Most frequently asked AWS Identity and Access Management Interview Questions


  1. What is AWS Identity and Access Management (IAM)?
  2. What are the features of IAM?
  3. What are the key capabilities provided by AWS IAM?
  4. What are the different identities provided by IAM?
  5. How to enable access to AWS STS AssumeRole?
  6. What is IAM Manager?
  7. How can we connect AWS Transfer for SFTP?
  8. What is an IAM role? How to assign an IAM role to users or groups.
  9. What IAM permissions are needed to use CDK Deploy?
  10. How to rename an AWS customer IAM policy?


What is AWS Identity and Access Management (IAM)?

AWS Identity and Access Management (IAM) is the service that lets us manage access to AWS services and resources securely. It is used to create and manage AWS users, groups and roles, and to grant or deny them access to AWS resources through policies.
IAM controls the level of access each identity has over an AWS account: by default a new identity can do nothing, and every permission has to be granted explicitly by a policy.


What are the features of IAM?

The features of IAM are as follows:
  • Shared access to your account - lets other people administer and use resources in your account without you sharing your password or access keys.
  • Free of cost - IAM itself has no charge; you pay only for the other AWS services that your IAM users and roles consume.
  • Centralized control over your AWS account - create users and groups, rotate or revoke credentials, and see who has which access, all from one place.
  • Grant permission to the user - the account administrator grants each user only the permissions they need; anything a policy does not explicitly allow is denied.
  • Multi-factor authentication (MFA) - adds a second factor (a hardware or virtual MFA device) on top of the password or access keys.

What are the key capabilities provided by AWS IAM?

  • Access control to AWS resources - fine-grained, policy-based permissions for users, groups, roles and federated identities.
  • Multi-factor authentication (MFA) - a second factor for console sign-in and API access.
  • Federated access - sign-in with an existing corporate directory or identity provider (SAML 2.0 or OIDC) or with a web identity provider, without creating IAM users.
  • Analytics - IAM Access Analyzer, credential reports and service last-accessed data for finding unused or over-broad permissions.


What are the different identities provided by IAM?

IAM provides three kinds of identities:
  • IAM users - an entity with long-term credentials (a console password and/or access keys) and permissions, representing one person or application.
  • IAM groups - a collection of users; policies attached to the group apply to all of its members. A group is not a principal and cannot be named in a trust policy.
  • IAM roles - an identity with permissions but no long-term credentials of its own; it is assumed by a trusted user, service or federated identity, which receives temporary credentials from STS.


How to enable access to AWS STS AssumeRole?

Two policies have to agree before an sts:AssumeRole call succeeds. The role's trust policy must list the caller (or the caller's account) as a trusted Principal, and, when the caller is in another account or only the account root is trusted, the caller's own identity policy must allow the sts:AssumeRole action on the role's ARN. If the trust policy carries a Condition on sts:ExternalId, the ExternalId parameter of the call must match it. The Policy parameter is an optional session policy: the temporary credentials get the intersection of it and the role's permissions, so it can only narrow access, never widen it. With that in place the role can be assumed from the AWS SDK for JavaScript (v2) like this:

const AWS = require('aws-sdk');

// Optional session policy: the returned credentials are limited to the
// intersection of this document and the role's own permissions.
let policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "new-custom-id",
            "Effect": "Allow",
            "Action": ["s3:PutObject"],
            "Resource": ["arn:aws:s3:::my-bucket-name/*"]
        }
    ]
};

let params = {
    DurationSeconds: 3600,                   // must not exceed the role's MaxSessionDuration
    ExternalId: 'some-value',                // must equal the sts:ExternalId condition in the trust policy
    Policy: JSON.stringify(policy),
    RoleArn: "arn:aws:iam::NUMBER:role/ROLE-NAME", // the role whose trust policy names this caller
    RoleSessionName: `session-${Date.now()}` // recorded in CloudTrail, so make it identifiable
};
let sts = new AWS.STS({ apiVersion: '2011-06-15' }); // the STS API version

sts.assumeRole(params, (err, data) => {
    if (err) console.log(err);
    else console.log(data.Credentials); // AccessKeyId, SecretAccessKey, SessionToken, Expiration
});
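To make the two-policy rule concrete, here is an added example (not code from the original page) that models the checks STS makes on a cross-account sts:AssumeRole call: a trust policy that trusts a partner account only with the right ExternalId, the partner user's identity policy, and a function that combines both. The account ids, role name, user names and ExternalId are invented for the illustration, and the evaluator covers only the elements shown (AWS principals, StringEquals on sts:ExternalId, wildcard actions and resources).

```javascript
// Added example, not from the original page: a minimal model of the two checks
// STS performs on a cross-account sts:AssumeRole call. The account ids, role
// name, user names and ExternalId are made up for illustration.

const ROLE_ARN = "arn:aws:iam::222222222222:role/DeployRole"; // hypothetical role
const EXTERNAL_ID = "partner-7f3a";                           // value agreed with the partner

// Trust policy on DeployRole: trusts any principal in partner account
// 111111111111, but only when the call carries the agreed ExternalId.
const trustPolicy = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Principal: { AWS: ["arn:aws:iam::111111111111:root"] },
    Action: "sts:AssumeRole",
    Condition: { StringEquals: { "sts:ExternalId": EXTERNAL_ID } },
  }],
};

// Identity policy attached to the partner-account user who may assume the role.
const callerPolicy = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: "sts:AssumeRole", Resource: ROLE_ARN }],
};

// IAM policy elements may be a string or a list; normalise to a list.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM-style wildcard match ("*" = any run, "?" = one char) for actions and resources.
function wildcardMatch(pattern, value) {
  const re = new RegExp("^" + pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".") + "$");
  return re.test(value);
}

const accountOf = (arn) => arn.split(":")[4];

// Check one: the trust policy must name the caller (or the caller's account
// root) as a Principal and, if it conditions on sts:ExternalId, the presented
// ExternalId must be equal to it. This is the confused-deputy guard.
function trustPolicyAllows(policy, callerArn, externalId) {
  return policy.Statement.some((s) => {
    if (s.Effect !== "Allow") return false;
    if (!asList(s.Action).some((a) => wildcardMatch(a, "sts:AssumeRole"))) return false;
    const trusted = asList(s.Principal && s.Principal.AWS).some(
      (p) => p === callerArn || p === `arn:aws:iam::${accountOf(callerArn)}:root`);
    if (!trusted) return false;
    const wanted = s.Condition && s.Condition.StringEquals &&
      s.Condition.StringEquals["sts:ExternalId"];
    return wanted === undefined || wanted === externalId;
  });
}

// Check two: the caller's own identity policy must allow sts:AssumeRole on the
// role ARN. An explicit Deny on a matching statement wins over any Allow.
function identityPolicyAllows(policy, roleArn) {
  const matching = policy.Statement.filter((s) =>
    asList(s.Action).some((a) => wildcardMatch(a, "sts:AssumeRole")) &&
    asList(s.Resource).some((r) => wildcardMatch(r, roleArn)));
  if (matching.some((s) => s.Effect === "Deny")) return false;
  return matching.some((s) => s.Effect === "Allow");
}

// Check two is only waived for a same-account caller whose exact ARN is listed
// in the trust policy; cross-account callers and "account root" trust always
// need the identity-policy grant as well.
function canAssumeRole(callerArn, externalId, callerPolicy, trustPolicy, roleArn) {
  const sameAccount = accountOf(callerArn) === accountOf(roleArn);
  const namedDirectly = trustPolicy.Statement.some((s) =>
    s.Effect === "Allow" && asList(s.Principal && s.Principal.AWS).includes(callerArn));
  if (!(sameAccount && namedDirectly) && !identityPolicyAllows(callerPolicy, roleArn)) return false;
  return trustPolicyAllows(trustPolicy, callerArn, externalId);
}

const alice = "arn:aws:iam::111111111111:user/alice";
console.log(canAssumeRole(alice, EXTERNAL_ID, callerPolicy, trustPolicy, ROLE_ARN)); // true
console.log(canAssumeRole(alice, "guessed", callerPolicy, trustPolicy, ROLE_ARN));   // false
```

The point to take away is that adding the caller to the trust policy alone is not enough across accounts, and that the ExternalId is checked by STS against the trust policy, not by the caller; a deputy that forwards an attacker-chosen ExternalId is exactly what the condition is meant to stop.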



What is IAM Manager?

"IAM manager" here is a job role, not an AWS service. The IAM manager oversees an organization's identity and access management: who gets access to which systems and data, how that access is requested, approved, reviewed and revoked, and which access-related security practices the teams follow. The role needs enough technical background to understand the projects and systems the employees are responsible for.

How can we connect AWS Transfer for SFTP?

AWS Transfer for SFTP holds no S3 credentials of its own; each SFTP user is mapped to an IAM role that the service assumes on the user's behalf. That role needs a trust policy allowing the service principal transfer.amazonaws.com to assume it, and a permissions policy like the following that allows listing the bucket and reading, writing and deleting objects in it:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowListingOfUserFolder",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::my-s3-bucket"
            ]
        },
        {
            "Sid": "HomeDirObjectAccess",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObjectVersion",
                "s3:DeleteObject",
                "s3:GetObjectVersion"
            ],
            "Resource": "arn:aws:s3:::my-s3-bucket/*"
        }
    ]
}
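The policy above gives every SFTP user mapped to the role the same access to the whole bucket. To keep users inside their own home directories, AWS Transfer Family can also attach a per-user session ("scope-down") policy whose ${transfer:HomeBucket}, ${transfer:HomeFolder} and ${transfer:HomeDirectory} variables are filled in from the user's HomeDirectory at login. The following is an added example (not code from the original page): it holds such a template, renders it locally for a user the way the documented variable meanings describe (the real substitution is done by the service), and checks which object keys the result covers. The bucket and user names are invented.

```javascript
// Added example, not from the original page: render a Transfer Family session
// policy for one user and check what it reaches. Bucket and user names are made up.

// Template stored with the Transfer user. The placeholders stay literal in the
// stored policy; the service substitutes them for each session.
const scopeDownTemplate = {
  Version: "2012-10-17",
  Statement: [
    {
      Sid: "AllowListingOfUserFolder",
      Effect: "Allow",
      Action: ["s3:ListBucket"],
      Resource: ["arn:aws:s3:::${transfer:HomeBucket}"],
      Condition: { StringLike: { "s3:prefix": ["${transfer:HomeFolder}/*", "${transfer:HomeFolder}"] } },
    },
    {
      Sid: "HomeDirObjectAccess",
      Effect: "Allow",
      Action: ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:GetObjectVersion"],
      Resource: ["arn:aws:s3:::${transfer:HomeDirectory}/*"],
    },
  ],
};

// Substitute the session variables for a user whose HomeDirectory is
// "/<bucket>/<folder>". HomeBucket is the bucket, HomeFolder the path inside it,
// HomeDirectory both without the leading slash. This is a local model of the
// documented behaviour, not the service itself.
function renderSessionPolicy(template, homeDirectory) {
  const noSlash = homeDirectory.replace(/^\/+/, "");
  const [bucket, ...folder] = noSlash.split("/");
  const vars = {
    "${transfer:HomeDirectory}": noSlash,
    "${transfer:HomeBucket}": bucket,
    "${transfer:HomeFolder}": folder.join("/"),
  };
  const text = JSON.stringify(template)
    .replace(/\$\{transfer:(HomeDirectory|HomeBucket|HomeFolder)\}/g, (m) => vars[m]);
  return JSON.parse(text);
}

const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM-style wildcard match for actions and resource ARNs.
function wildcardMatch(pattern, value) {
  const re = new RegExp("^" + pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".") + "$");
  return re.test(value);
}

// Does the rendered policy allow the given S3 object action on bucket/key?
function objectActionAllowed(policy, action, bucket, key) {
  const arn = `arn:aws:s3:::${bucket}/${key}`;
  return policy.Statement.some((s) =>
    s.Effect === "Allow" &&
    asList(s.Action).some((a) => wildcardMatch(a, action)) &&
    asList(s.Resource).some((r) => wildcardMatch(r, arn)));
}

const alicePolicy = renderSessionPolicy(scopeDownTemplate, "/my-s3-bucket/home/alice");
console.log(alicePolicy.Statement[1].Resource[0]); // arn:aws:s3:::my-s3-bucket/home/alice/*
console.log(objectActionAllowed(alicePolicy, "s3:GetObject", "my-s3-bucket", "home/alice/report.csv")); // true
console.log(objectActionAllowed(alicePolicy, "s3:GetObject", "my-s3-bucket", "home/bob/report.csv"));   // false
```

The effective permissions of a session are the intersection of the role policy and the session policy, so the role policy above still has to allow the bucket; the session policy only narrows it down to the user's own prefix.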


What is an IAM role? How to assign an IAM role to users or groups.

An IAM role is an identity with a permissions policy but no long-term credentials of its own. It is not tied to a specific user or group; instead a trusted principal (an IAM user or role, an AWS service, or a federated identity) assumes it through sts:AssumeRole and receives temporary credentials carrying the role's permissions.
We cannot assign an IAM role to a user or group the way we attach a policy. To let a user use a role, name the user (or the user's account root) in the role's trust policy and, unless the user's exact ARN is trusted in the same account, allow sts:AssumeRole on the role's ARN in the user's identity policy. A group cannot assume a role at all, because a group is not a principal; the sts:AssumeRole permission can be granted through a policy attached to the group, and each member then assumes the role individually.


What IAM permissions are needed to use CDK Deploy?

With the legacy bootstrap stack (the CDKToolkit staging bucket named cdktoolkit-stagingbucket-...), the deploying identity needs full CloudFormation access, whatever permissions CloudFormation in turn needs to create the stack's resources, and access to the staging bucket. The policy below grants that. Note that its second statement, Action "*" on every resource whenever the call is made through CloudFormation, is effectively administrator access, since CloudFormation can create IAM roles, users and keys on the caller's behalf:


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "cloudformation:*"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Condition": {
                "ForAnyValue:StringEquals": {
                    "aws:CalledVia": [
                        "cloudformation.amazonaws.com"
                    ]
                }
            },
            "Action": "*",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::cdktoolkit-stagingbucket-*",
            "Effect": "Allow"
        }
    ]
}
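With the modern CDK v2 bootstrap the deploying identity needs only sts:AssumeRole on the bootstrap roles (cdk-<qualifier>-deploy-role, -file-publishing-role, -image-publishing-role and -lookup-role), and the broad permissions live on the cfn-exec-role that CloudFormation itself assumes; that is the least-privilege shape to aim for. Whichever shape you use, it is worth being able to spot statements like the ones above mechanically. The following is an added example (not code from the original page or the CDK project): a small audit that flags Allow statements pairing a wildcard action with Resource "*", run over the policy document shown above copied as-is. The finding format is my own.

```javascript
// Added example, not from the original page: flag administrator-equivalent
// statements in an IAM policy document. cdkDeployPolicy is the policy shown on
// the page; the finding format is invented for this example.

const cdkDeployPolicy = {
  Version: "2012-10-17",
  Statement: [
    { Action: ["cloudformation:*"], Resource: "*", Effect: "Allow" },
    {
      Condition: { "ForAnyValue:StringEquals": { "aws:CalledVia": ["cloudformation.amazonaws.com"] } },
      Action: "*", Resource: "*", Effect: "Allow",
    },
    { Action: "s3:*", Resource: "arn:aws:s3:::cdktoolkit-stagingbucket-*", Effect: "Allow" },
  ],
};

// IAM policy elements may be a string or a list; normalise to a list.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Condition keys of a statement, e.g. ["aws:CalledVia"], for reporting.
const conditionKeys = (s) =>
  Object.values(s.Condition || {}).flatMap((operands) => Object.keys(operands));

// One finding per Allow statement that pairs a wildcard action with Resource "*".
// A Condition is reported, not treated as a mitigation: Action "*" gated on
// aws:CalledVia still lets CloudFormation create IAM principals on the caller's
// behalf, which is administrator access with one extra hop.
function findOverbroadStatements(policy) {
  const findings = [];
  policy.Statement.forEach((s, i) => {
    if (s.Effect !== "Allow" || !asList(s.Resource).includes("*")) return;
    const id = s.Sid || `#${i}`;
    const keys = conditionKeys(s);
    const cond = keys.length ? ` (conditioned on ${keys.join(", ")})` : "";
    for (const action of asList(s.Action)) {
      if (action === "*") {
        findings.push({ statement: id, severity: "critical",
          reason: `Action * on Resource * is full administrator access${cond}` });
      } else if (action.endsWith(":*")) {
        findings.push({ statement: id, severity: "high",
          reason: `${action} on Resource * grants every ${action.slice(0, -2)} operation account-wide${cond}` });
      }
    }
  });
  return findings;
}

for (const f of findOverbroadStatements(cdkDeployPolicy)) {
  console.log(`${f.severity}: statement ${f.statement}: ${f.reason}`);
}
```

The third statement is not reported because its resource is scoped to the staging bucket pattern; the first two are the ones that turn a "deploy" policy into an administrator policy.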


How to rename an AWS customer IAM policy?

An IAM customer managed policy cannot be renamed in place: the name is part of its ARN (arn:aws:iam::ACCOUNT:policy/NAME), and every attachment references that ARN. To change the name, create a new policy with the desired name and the same policy document, attach it to the same users, groups and roles, detach the old policy from all of them, delete the old policy's non-default versions, and then delete the old policy.