Table of Contents
Question
Which guidelines are best practices for using AWS Identity and Access Management (IAM)? (Choose two.)
A. Share access keys.
B. Create individual IAM users.
C. Use inline policies instead of customer managed policies.
D. Grant maximum privileges to IAM users.
E. Use groups to assign permissions to IAM users.
Answer
B. Create individual IAM users.
E. Use groups to assign permissions to IAM users.
Explanation
The correct answers are B. Create individual IAM users and E. Use groups to assign permissions to IAM users.
The explanation is as follows:
- Creating individual IAM users is a best practice for using AWS Identity and Access Management (IAM), because it allows you to control who can access your AWS resources and what actions they can perform. By creating individual IAM users, you can also enforce the principle of least privilege, which means granting only the minimum permissions required for each user to perform their tasks. Additionally, creating individual IAM users enables you to monitor and audit the activity of each user in your AWS account.
- Using groups to assign permissions to IAM users is another best practice for using AWS Identity and Access Management (IAM), because it simplifies the management and maintenance of your IAM policies. By using groups, you can assign a set of permissions to multiple users at once, instead of attaching policies to each user individually. This way, you can also ensure consistency and avoid errors or conflicts in your permissions. Furthermore, using groups makes it easier to add or remove users from a group, or change the permissions of a group, without affecting other groups or users.
The other options are not best practices for using AWS Identity and Access Management (IAM), because they may compromise the security and efficiency of your AWS account. For example:
- Sharing access keys (option A) is not a best practice for using AWS Identity and Access Management (IAM), because it exposes your credentials to unauthorized or malicious users, who may use them to access your AWS resources or incur charges on your behalf. Sharing access keys also makes it difficult to track and audit the activity of each user in your AWS account. Instead of sharing access keys, you should create individual IAM users with their own access keys, or use temporary credentials with IAM roles.
- Using inline policies instead of customer managed policies (option C) is not a best practice for using AWS Identity and Access Management (IAM), because it increases the complexity and redundancy of your IAM policies. Inline policies are policies that are embedded in a single IAM user, group, or role, and cannot be reused by other entities. Customer managed policies are standalone policies that you create and manage in your AWS account, and can be attached to multiple entities. By using customer managed policies, you can reduce the number of policies in your account, avoid duplication or inconsistency in your permissions, and apply changes to multiple entities at once.
- Granting maximum privileges to IAM users (option D) is not a best practice for using AWS Identity and Access Management (IAM), because it violates the principle of least privilege, which means granting only the minimum permissions required for each user to perform their tasks. Granting maximum privileges to IAM users may expose your AWS resources to unauthorized or malicious access, modification, or deletion. It may also increase the risk of human errors or accidents that may affect your AWS resources or operations. Instead of granting maximum privileges to IAM users, you should use IAM policies to define fine-grained permissions for each user based on their roles and responsibilities
Amazon AWS Certified Cloud Practitioner CLF-C02 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Amazon AWS Certified Cloud Practitioner CLF-C02 exam and earn Amazon AWS Certified Cloud Practitioner CLF-C02 certification.