IAM Exam Tips

  • IAM is universal; it does not apply to regions at this time.
  • A Root Account is simply the account created when first setting up an AWS account. It has complete Admin access and should not be used for day-to-day activities.
  • When first created, new users have NO permissions. Permissions must be explicitly given via a group or policy.
  • New users are assigned an Access Key ID & Secret Access Key when first created. These are not the same as a password and cannot be used to log in to the AWS Console; instead, they are used to access AWS via the APIs and Command Line.
  • You can only view the Access Key ID & Secret Access Key once. If you lose them, you must regenerate them. Save them in a secure location.
  • Always set up Multifactor Authentication (MFA) on your root account.
  • You can create and customize your own password rotation policies.

Policy Document Example

{
    "Version": "2012-10-17",
    "Statement":
    [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}