Managing identities in AWS CSCS404 Assignment
- Subject Code: CSCS404
- University: others
- Country: Canada
Program: CS
Course: Cloud Security
Assignment 4: Managing identities in AWS
Name: ___________________________________
Part A: Users, groups, and roles
1. When you create the first account in AWS, what is the account type? What is your recommendation regarding the use of that account?
2. If you have a team of multiple developers who are working on the same project and you want to give them similar permissions on AWS, how do you manage the team's privileges?
3. What are the two authentication methods to access AWS services? How are services accessed in each case?
4. You need an EC2 instance to execute some AWS Lambda code when an event is triggered. What do you need to do, in general terms?
Part B: Policies
5. What two possibilities do you have when creating IAM policies through the dashboard?
6. Regarding IAM policies, indicate four actions among the options in the List category for an S3 bucket.
7. What is the element Principal in a resource policy used for? Enumerate 4 types of principals.
8. George created an IAM policy to grant read access to all objects in a bucket of his company. What is wrong with the policy George created?
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "ListObjectsInBucket",
          "Effect": "Allow",
          "Action": ["s3:ListBucket"],
          "Resource": ["arn:aws:s3:::acme-bucket"]
        },
        {
          "Sid": "ReadObjectsInBucket",
          "Effect": "Allow",
          "Action": "s3:*Object",
          "Resource": ["arn:aws:s3:::acme-bucket/*"]
        }
      ]
    }
9. Fix the policy above so it complies with the least privilege principle.
10. Write a policy that allows creating volumes for any EC2 instance. Use today's date for the Version element and include your first name in the Sid element.
11. Rewrite the previous policy so that it applies only to instances tagged as testing for the environment (these are the tag's key and value).
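Study aid for questions 8 and 9 (an added example, not part of the original assignment): a small offline check that expands each Action pattern in the question 8 policy and reports what it grants beyond List and Read. The action catalogue is a constructed subset of real S3 action names with their access levels, and the function names `expand` and `audit` are hypothetical.

```python
import json
import re

# Constructed subset of S3 actions and their access levels (an assumption of
# this example; the real S3 action catalogue is much larger).
S3_ACTIONS = {
    "s3:ListBucket": "List",
    "s3:GetObject": "Read",
    "s3:GetObjectVersion": "Read",
    "s3:GetObjectAcl": "Read",
    "s3:PutObject": "Write",
    "s3:DeleteObject": "Write",
    "s3:RestoreObject": "Write",
    "s3:ReplicateObject": "Write",
    "s3:PutObjectAcl": "Permissions management",
}

# The policy from question 8, copied from the assignment.
GEORGE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "ListObjectsInBucket", "Effect": "Allow",
   "Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::acme-bucket"]},
  {"Sid": "ReadObjectsInBucket", "Effect": "Allow",
   "Action": "s3:*Object", "Resource": ["arn:aws:s3:::acme-bucket/*"]}]}
""")

def expand(pattern):
    """Catalogue actions matched by an IAM Action pattern (* and ?, case-insensitive)."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return sorted(a for a in S3_ACTIONS if re.fullmatch(rx, a, re.IGNORECASE))

def audit(policy, allowed_levels=("List", "Read")):
    """Map each Allow statement's Sid to granted actions outside allowed_levels."""
    findings = {}
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        actions = stmt["Action"]
        if isinstance(actions, str):  # Action may be a string or a list
            actions = [actions]
        excess = sorted({a for p in actions for a in expand(p)
                         if S3_ACTIONS[a] not in allowed_levels})
        if excess:
            findings[stmt.get("Sid", "<no Sid>")] = excess
    return findings

if __name__ == "__main__":
    print(json.dumps(audit(GEORGE_POLICY), indent=2))
```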