Getting Started with Security: IAM Best Practices to Enforce Least Privilege

Learn how to audit IAM permissions and enforce the principle of least privilege using IAM Access Analyzer and IAM Credential Reports. Discover IAM best practices for securely managing user access in AWS.

Question

What can you do in IAM to help you evaluate whether the principle of least privilege is being enforced? (Choose TWO.)

A. Use the IAM Access Analyzer to help fine grain the IAM users’ permissions.
B. Create a single IAM user and provide the login credentials to users with the same job functions.
C. Use the IAM credential report to perform audits.
D. Provide the IAM user with a limited set of permissions and increase as needed.
E. Provide the IAM user with a broad set of permissions and scale back as needed.

Answer

A. Use the IAM Access Analyzer to help fine grain the IAM users’ permissions.
D. Provide the IAM user with a limited set of permissions and increase as needed.

Explanation

To enforce the principle of least privilege, start with limited permissions for users and increase them as necessary. Groups can be helpful in organizing users with similar access needs. IAM Access Analyzer can help you fine-grain access as needs change over time.

The IAM credential report is not correct because it helps you audit and make sure credential policies are enforced. It does not help with permission policies.

Getting Started with Security EDSECUv1EN-US assessment question and answer (Q&A) dump with detailed explanations and references, available free and helpful for passing the Getting Started with Security EDSECUv1EN-US assessment and earning the Getting Started with Security EDSECUv1EN-US badge.