1. What do you understand about an IAM role, and how is it used within an environment?
· An IAM role is an identity that references a set of permissions for working with resources in AWS. Roles are used to grant permissions, for example to an S3 bucket or to third-party applications, so that they can access AWS resources.
Workflow:
- Create IAM role.
- Assign the IAM role to an AWS resource.
- Assume the IAM role.
2. Can you explain the difference between an IAM user and an IAM role?
· An IAM user is an identity used to authenticate into the environment, while an IAM role is a type of identity that is assumed to perform certain tasks within the environment, such as making API calls between AWS services.
3. Can you take me through the process of creating and attaching an IAM role to an S3 bucket or any other AWS resource?
Workflow:
- From IAM, choose Roles and choose Create Role.
- Select AWS Service, and then choose S3 under Use Case.
- Next is Permissions.
- Create a custom policy to access your S3 bucket with minimum required permissions.
- Tag the resources for audit purposes and mapping.
- Select a Role name, and then Create role.
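The two JSON documents behind the role created in the steps above (who may assume it, and what it may do), with a check that the custom policy really is limited to the minimum required. This is an added example, not part of the original post; the trusted service lambda.amazonaws.com, the bucket name example-bucket and all function names are assumptions for illustration.

```python
import json

def trust_policy(service_principal):
    """Trust policy: which AWS service may assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": service_principal},
        "Action": "sts:AssumeRole"}]}

def bucket_read_policy(bucket):
    """Permissions policy limited to listing one bucket and reading its objects."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": [f"arn:aws:s3:::{bucket}"]},
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": [f"arn:aws:s3:::{bucket}/*"]}]}

def _as_list(value):
    # IAM accepts a single value or a list for Statement/Action/Resource.
    return value if isinstance(value, list) else [value]

def least_privilege_findings(policy):
    """Return (statement index, reason) for Allow statements that are too broad."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append((i, f"{key} allows everything not listed"))
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((i, f"wildcard action {action}"))
        for resource in _as_list(stmt.get("Resource", [])):
            # "bucket/*" (all keys in one bucket) is fine; a wildcard bucket is not.
            if resource == "*" or resource.startswith("arn:aws:s3:::*"):
                findings.append((i, f"wildcard resource {resource}"))
    return findings

# Constructed sample: the kind of over-broad policy the check should reject.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3:*", "Resource": "*"}}

if __name__ == "__main__":
    print(json.dumps(trust_policy("lambda.amazonaws.com"), indent=2))
    scoped = bucket_read_policy("example-bucket")  # constructed bucket name
    print(json.dumps(scoped, indent=2))
    print("scoped:", least_privilege_findings(scoped))
    print("broad: ", least_privilege_findings(BROAD_POLICY))
```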
4. How does cross-account access relate to IAM roles?
· A cross-account IAM role in a single account is used to define access to resources. This can also relate to API calls between two (2) AWS resources. For example, Lambda can access an S3 bucket in the production environment through a clearly defined role to perform that function.
5. How do you use the CLI to enable S3 versioning and configure MFA Delete? Run:
· aws s3api put-bucket-versioning --bucket BUCKET1 --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "MFA_DEVICE_SERIAL MFA_TOKEN"
· The --mfa value is the MFA device's serial number, a space, and the current token shown on the device.
· Note that enabling MFA Delete using the AWS Management Console is not possible; it must be performed via the AWS Command Line Interface (AWS CLI) or the API.