Identity and Access Management (IAM) Strategies Flashcards
AWS Certified Solutions Architect Professional SAP-C02 Flashcards

| Front | Back |
| --- | --- |
| How does Attribute-Based Access Control (ABAC) differ from traditional IAM policies | ABAC assigns permissions based on tags or attributes attached to resources and identities, rather than static roles or users. |
| How do MFA and IAM policies work together to secure access | MFA adds an additional layer of security, and policies can enforce its use by requiring MFA authentication for specific actions. |
| How do resource ARNs impact IAM policies | ARNs specify the exact resource covered by a policy, allowing permissions to be targeted at individual resources. |
| How do Service Control Policies (SCPs) enhance security in AWS Organizations | SCPs define permissions boundaries for accounts in an organization to restrict actions regardless of individual IAM policies. |
| How do you implement fine-grained permissions in IAM policies | Use resource-level permissions, condition keys, and actions to specify precise access rules for your resources. |
| How does Access Analyzer assist with IAM security | Access Analyzer provides insights into resource sharing settings and flags risky or unintended public access permissions. |
| What happens if an IAM policy and SCP contradict each other | The SCP takes precedence, overriding permissions granted by the IAM policy and restricting the account's actions. |
| What is the difference between IAM users and federated identities | IAM users are created and managed in AWS directly, while federated identities leverage external identity providers for authentication. |
| What is the function of AWS Organizations in centralized IAM management | AWS Organizations allows you to group accounts and manage policies across them for centralized control and governance. |
| What is the key advantage of using federated authentication over IAM users | Federated authentication eliminates the need for AWS-managed credentials and integrates existing identity providers for better scalability. |
| What is the purpose of IAM roles in cross-account access | IAM roles allow secure granting of permissions to access resources in another AWS account without exposing credentials. |
| What is the role of SAML in federated authentication | SAML enables single sign-on (SSO) by exchanging authentication data between an identity provider and AWS. |
| When should you use AssumeRole for cross-account access | Use AssumeRole when an entity in Account A needs temporary permissions to access resources in Account B securely. |
| Why should you use a policy generator for complex IAM scenarios | Policy generators help create accurate policies by simplifying syntax and providing templates for fine-grained access management. |

About the Flashcards

Flashcards for the AWS Certified Solutions Architect Professional exam provide a focused review of AWS Identity and Access Management concepts essential for securing cloud resources. Each card explains how IAM roles facilitate cross-account access, how Service Control Policies and AWS Organizations set organization-wide boundaries, and why Multi-Factor Authentication, SAML, and federated identities strengthen authentication strategies.
By studying these cards you will practice interpreting policy statements, choosing between IAM users, roles, and ABAC tagging, and applying tools like Access Analyzer and policy generators to enforce least privilege. The deck helps you recall critical terminology, recognize exam-style scenarios, and fine-tune permissions with resource ARNs, condition keys, and AssumeRole patterns.

Topics covered in this flashcard deck:

- IAM roles and users
- Service Control Policies
- AWS Organizations governance
- Federated SAML & MFA
- Attribute-Based Access Control
- Access Analyzer insights