A complete guide to prepare for AWS interviews with IAM concepts, roles, policies, groups, MFA, and best practices.
IAM Basics
Q1. What is IAM in AWS?
IAM (Identity and Access Management) is a web service that helps you securely control access to AWS services and resources. It lets you create and manage AWS users, groups, roles, and permissions.
Q2. What are the main components of IAM?
IAM has four main components:
• Users – Individual identities for people or applications.
• Groups – A collection of users.
• Roles – Temporary access with specific permissions.
• Policies – JSON documents that define permissions.
Q3. Is IAM a global or regional service?
IAM is a global service. It is not tied to any specific AWS region.
Q4. What is the AWS root user?
The root user is the account created during AWS sign-up with full administrative access. Its usage should be minimized because it poses a high security risk if compromised. Instead, use IAM users or roles with restricted permissions.
IAM Users & Groups
Q5. What is the difference between an IAM user and an IAM group?
User: A single identity with credentials and permissions.
Group: A collection of users with shared permissions applied at the group level.
Q6. Can a user belong to multiple IAM groups?
Yes, a single user can belong to multiple groups. The user inherits permissions from all groups.
Q7. Can IAM users have direct policies attached?
Yes, IAM users can have inline or managed policies directly attached to them, in addition to group-based policies.
Q8. What are IAM access keys used for?
IAM access keys (Access Key ID and Secret Access Key) are used for programmatic access to AWS through the CLI or SDKs. They should be rotated regularly for security.
IAM Roles
Q9. What is an IAM role?
An IAM role is an identity in AWS with specific permissions, but without long-term credentials like username/password. Roles are assumed by trusted entities (users, applications, or services).
Q10. How are IAM roles different from IAM users?
IAM User: Has permanent credentials.
IAM Role: Provides temporary access via STS tokens, usually for cross-account access or AWS services.
Q11. Can you attach an IAM role to a running EC2 instance?
Yes. A role is attached to a running EC2 instance through an instance profile, which lets software on the instance obtain temporary credentials for AWS services instead of embedding long-term access keys.
Q12. What is a service-linked role?
A service-linked role is a type of IAM role that is pre-defined by AWS for a specific service. It allows the service to access resources on your behalf.
IAM Policies
Q13. What is an IAM policy?
An IAM policy is a JSON document that explicitly allows or denies permissions to AWS resources.
Q14. What are the types of IAM policies?
• Managed policies – Standalone, reusable policies (either AWS managed or customer managed) that can be attached to many users, groups, or roles.
• Inline policies – Policies embedded directly in a single user, group, or role.
Q15. What is the difference between identity-based and resource-based policies?
Identity-based policies: Attached to IAM users, groups, or roles.
Resource-based policies: Attached directly to resources (like S3 bucket policies).
Q16. What is the IAM policy evaluation logic?
By default every request is implicitly denied. AWS evaluates all policies that apply to the request: an explicit allow in any of them grants the request, but if there is no explicit allow the request stays denied, and an explicit deny always overrides any allow.
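The evaluation rules from Q16, applied to the policy JSON shapes from Q13 to Q15, as an added example that is not AWS code. It simulates identity-based policies only (no Condition elements, permission boundaries, SCPs or resource-based policies), and the two policies, the bucket name and the account are constructed for illustration: a managed policy on the user's group grants read access, an inline policy on the user denies one prefix, and the simulator shows implicit deny, explicit allow and explicit deny winning over allow.

```python
"""Simulator for the IAM policy evaluation rules above (added example, not
AWS code): implicit deny by default, explicit Allow grants, explicit Deny
overrides. Models identity-based policies only (no Conditions, permission
boundaries, SCPs or resource-based policies). IAM wildcards '*' and '?' are
supported; actions match case-insensitively, resource ARNs case-sensitively.
"""
import json
import re

# Constructed policies for a hypothetical bucket "example-reports".
# A customer managed policy attached to the user's group ...
GROUP_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadReports",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-reports",
                   "arn:aws:s3:::example-reports/*"]
    }
  ]
}
""")

# ... and an inline policy attached directly to the user (Q7).
USER_INLINE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": {
    "Sid": "NoConfidentialPrefix",
    "Effect": "Deny",
    "Action": "s3:*",
    "Resource": "arn:aws:s3:::example-reports/confidential/*"
  }
}
""")

POLICIES = [GROUP_POLICY, USER_INLINE_POLICY]


def _as_list(value):
    """IAM lets Statement/Action/Resource be a single value or a list."""
    return value if isinstance(value, list) else [value]


def _wild_match(pattern, value, ignore_case=False):
    """Match an IAM wildcard pattern ('*' any run, '?' one character)."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None


def _statement_applies(stmt, action, resource):
    """True when the statement's Action/Resource elements cover the request."""
    if "Action" in stmt:
        action_ok = any(_wild_match(p, action, True) for p in _as_list(stmt["Action"]))
    else:  # NotAction inverts the match
        action_ok = not any(_wild_match(p, action, True) for p in _as_list(stmt["NotAction"]))
    if "Resource" in stmt:
        resource_ok = any(_wild_match(p, resource) for p in _as_list(stmt["Resource"]))
    else:  # NotResource inverts the match
        resource_ok = not any(_wild_match(p, resource) for p in _as_list(stmt["NotResource"]))
    return action_ok and resource_ok


def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # a matching Deny ends evaluation
            allowed = True             # remember the Allow, keep scanning for Denies
    return "Allow" if allowed else "ImplicitDeny"


if __name__ == "__main__":
    for action, resource in [
        ("s3:GetObject", "arn:aws:s3:::example-reports/q1.csv"),
        ("s3:GetObject", "arn:aws:s3:::example-reports/confidential/payroll.csv"),
        ("s3:PutObject", "arn:aws:s3:::example-reports/q1.csv"),
    ]:
        print(f"{action:14} {resource:60} -> {evaluate(POLICIES, action, resource)}")
```

The order of the two policies does not matter for the outcome: the loop keeps scanning after an Allow so that a Deny anywhere in the set still wins, which is the property the interview answer is really testing.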
IAM Security
Q17. What is MFA in IAM?
MFA (Multi-Factor Authentication) adds an extra layer of security by requiring a second authentication factor (like an OTP device or app) along with a password.
Q18. What are IAM best practices?
• Enable MFA for all users.
• Use roles instead of root credentials.
• Follow the principle of least privilege.
• Rotate access keys regularly.
• Monitor IAM activity with CloudTrail.
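A small check that turns three of these best practices (MFA on console users and root, keys rotated within 90 days, no access keys on root) into a script run over an IAM credential report, as an added example that is not AWS code. The CSV is constructed for the example; its column names follow the report that `aws iam get-credential-report` returns, trimmed to the columns the check reads, and the account id is a placeholder.

```python
"""Checks an IAM credential report against three of the best practices above
(MFA on every console user and on root, access keys rotated within 90 days,
no access keys on the root user). Added example, not AWS code. SAMPLE_REPORT
is a constructed CSV that follows the column layout of the report returned by
`aws iam get-credential-report`, trimmed to the columns this check reads.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

KEY_MAX_AGE = timedelta(days=90)
ROOT = "<root_account>"  # how the credential report names the root user

# Fixed "now" so the example is reproducible; use datetime.now(timezone.utc) in practice.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed sample (account id 123456789012 is a placeholder).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,true,true,2020-01-01T00:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2023-03-01T00:00:00+00:00,true,true,true,2024-05-01T00:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,2023-03-01T00:00:00+00:00,true,false,false,N/A,false,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2022-01-01T00:00:00+00:00,false,false,true,2022-01-01T00:00:00+00:00,true,2024-05-20T00:00:00+00:00
"""


def _timestamp(value):
    """The report writes N/A, not_supported or no_information where no date exists."""
    if value in ("N/A", "not_supported", "no_information", ""):
        return None
    return datetime.fromisoformat(value)


def audit(report_csv, now=NOW):
    """Return (user, finding) pairs; an empty list means the report is clean."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == ROOT
        # Anyone who can sign in to the console (and root, always) needs MFA.
        if (is_root or row["password_enabled"] == "true") and row["mfa_active"] != "true":
            findings.append((user, "MFA_NOT_ENABLED"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            if is_root:
                findings.append((user, f"ROOT_ACCESS_KEY_{n}_ACTIVE"))
            rotated = _timestamp(row[f"access_key_{n}_last_rotated"])
            if rotated is None or now - rotated > KEY_MAX_AGE:
                findings.append((user, f"ACCESS_KEY_{n}_NOT_ROTATED_90D"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT):
        print(f"{user:16} {finding}")
```

The MFA check deliberately skips users with `password_enabled` false (programmatic-only identities such as `ci-deploy`), because MFA on a user without a console password protects nothing; those identities are instead caught by the key-age check, and in practice are better replaced by roles.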
Q19. What is AWS STS (Security Token Service)?
AWS STS is a service that issues temporary, limited-privilege credentials for users or applications that need to access AWS resources.
Q20. What is cross-account access in IAM?
Cross-account access allows one AWS account’s users or services to access resources in another AWS account using IAM roles and trust policies.
✅ Keep learning, keep practicing! This AWS IAM interview prep page will help you ace your interviews.