AWS Interview Questions – IAM
1. [Asked in Infosys] What is AWS IAM?
Answer:
AWS IAM (Identity and Access Management) is a service that enables users to securely manage access to AWS resources. It allows defining who can access AWS services and what actions they can perform, ensuring security and control.
2. [Asked in TCS] What are the key components of AWS IAM?
Answer:
The main components of IAM are:
- Users – Individual identities for a person or an application, with long-term credentials (a console password and/or access keys).
- Groups – Collections of users that share a common set of permissions.
- Roles – Identities with no long-term credentials; a trusted principal (an AWS service, a user, or a federated identity) assumes the role and receives temporary credentials.
- Policies – JSON documents that define the permissions attached to users, groups, roles, or resources.
3. [Asked in Cognizant] What are IAM Policies, and how do they work?
Answer:
IAM Policies are JSON documents that define permissions. Attached to a user, group, or role they are identity-based policies; attached to a resource such as an S3 bucket they are resource-based policies. Each statement specifies:
- Effect (Allow or Deny)
- Action (which API calls the statement covers, e.g., s3:ListBucket)
- Resource (which AWS resources, identified by ARN, the statement applies to)
- Condition (optional extra requirements, e.g., a source IP range or that MFA was used)
Example of a simple IAM policy:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example-bucket"
    }
  ]
}
```
4. [Asked in Wipro] What is the difference between an IAM User and an IAM Role?
Answer:
| Feature | IAM User | IAM Role |
|---|---|---|
| Definition | A permanent identity for one specific person or application. | An identity with a set of permissions that any trusted principal (an AWS service, a user, or a federated identity) can assume for a limited time. |
| Credentials | Long-term credentials: a console password and/or access keys. | No long-term credentials; assuming the role returns temporary credentials from AWS STS (access key, secret key, session token) that expire. |
| Use Case | Direct console or CLI use by a human or a single application. | Used by AWS services such as EC2 and Lambda, for cross-account access, and for federated sign-in. |
Example:
- A developer gets an IAM User account.
- An EC2 instance is assigned an IAM Role (through an instance profile) to access S3, so no password or access key has to be stored on the instance.
5. [Asked in IBM] What are IAM Groups? Why are they useful?
Answer:
An IAM Group is a collection of IAM Users that share common permissions. Instead of assigning policies to each user individually, you can assign them to a group.
Example:
- Developers Group – Has access to EC2 and S3.
- Admins Group – Has full access to AWS services.
6. [Asked in Deloitte] What is an IAM Role, and how is it different from an IAM User?
Answer:
An IAM Role is an AWS identity that can be assumed by AWS services, IAM users, or federated identities to perform actions. Unlike IAM Users, roles have no long-term credentials; assuming a role returns temporary security credentials (access key ID, secret access key, and session token) from AWS STS that expire after a limited session. Which principals may assume the role is defined by the role's trust policy.
Example: An EC2 instance assumes an IAM Role to access an S3 bucket; the temporary credentials are delivered through the instance metadata service, so no long-term credentials are embedded on the instance.
7. [Asked in Amazon] What is Multi-Factor Authentication (MFA) in AWS IAM?
Answer:
MFA adds an extra layer of security by requiring a second form of authentication (e.g., a one-time code from a mobile app or a tap on a security key) in addition to a password.
Example:
- Enabled for an IAM User who logs into the AWS Management Console; it can also be required for API calls by adding the condition key aws:MultiFactorAuthPresent to a policy.
- MFA device options: virtual MFA apps (Google Authenticator, Authy), FIDO security keys (YubiKey), and hardware TOTP tokens.
8. [Asked in Microsoft] How do IAM policies control access?
Answer:
IAM policies use a combination of Allow and Deny statements to control access. The evaluation order is:
- Explicit Deny – Any matching Deny statement overrides every Allow, wherever that Allow comes from.
- Explicit Allow – Grants the action only if a matching Allow exists and no matching Deny does (and, where they apply, SCPs, permissions boundaries, and session policies also allow it).
- Implicit Deny – The default: a request is denied unless some policy explicitly allows it, so an identity with no policy attached can do nothing.
Example:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```
This policy explicitly denies deleting objects in example-bucket, and the Deny wins even for an identity that also holds an Allow on s3:*.
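To make the evaluation order in Q8 and the MFA condition in Q7 concrete, here is a simplified policy evaluator as an added example (it is not the page's code and not AWS's real evaluation engine). It models only Allow/Deny, wildcard matching on Action and Resource, and the Bool condition on aws:MultiFactorAuthPresent; SCPs, permissions boundaries, resource-based policies, NotAction and other condition operators are deliberately left out. The sample policies and ARNs are constructed for illustration.

```python
import fnmatch

# Constructed sample identity policies (not from the page): an Allow on all of
# example-bucket, an explicit Deny on deleting its objects, and an Allow on a
# sensitive IAM action that is gated on MFA via aws:MultiFactorAuthPresent.
POLICIES = [
    {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:*",
             "Resource": ["arn:aws:s3:::example-bucket",
                          "arn:aws:s3:::example-bucket/*"]},
            {"Effect": "Deny", "Action": "s3:DeleteObject",
             "Resource": "arn:aws:s3:::example-bucket/*"},
        ],
    },
    {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iam:CreateUser", "Resource": "*",
             "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
        ],
    },
]


def _as_list(value):
    # Action and Resource may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    # IAM action names are matched case-insensitively; '*' and '?' are wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _resource_matches(patterns, resource):
    # Resource ARNs are matched case-sensitively; '*' and '?' are wildcards.
    return any(fnmatch.fnmatchcase(resource, p) for p in _as_list(patterns))


def _condition_met(condition, context):
    # Only the Bool operator is modelled. A missing context key is treated as
    # "false", which is how an absent aws:MultiFactorAuthPresent behaves.
    for operator, pairs in condition.items():
        if operator != "Bool":
            raise NotImplementedError(f"condition operator {operator} not modelled")
        for key, expected in pairs.items():
            if str(context.get(key, "false")).lower() != str(expected).lower():
                return False
    return True


def evaluate(policies, action, resource, context=None):
    """Return ('Allow'|'Deny', reason) using IAM's core ordering:
    a matching explicit Deny wins, then any matching Allow, else implicit Deny."""
    context = context or {}
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _action_matches(stmt.get("Action", []), action):
                continue
            if not _resource_matches(stmt.get("Resource", []), resource):
                continue
            if not _condition_met(stmt.get("Condition", {}), context):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny", "explicit deny"   # Deny overrides any Allow seen so far or later
            allowed = True                        # keep scanning: a later Deny still wins
    return ("Allow", "explicit allow") if allowed else ("Deny", "implicit deny")


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    print(evaluate(POLICIES, "s3:GetObject", obj))       # Allow, explicit allow
    print(evaluate(POLICIES, "s3:DeleteObject", obj))    # Deny, explicit deny
    print(evaluate(POLICIES, "s3:GetObject", "arn:aws:s3:::other-bucket/x"))  # Deny, implicit deny
    user = "arn:aws:iam::123456789012:user/alice"
    print(evaluate(POLICIES, "iam:CreateUser", user))    # Deny, implicit deny (no MFA)
    print(evaluate(POLICIES, "iam:CreateUser", user,
                   {"aws:MultiFactorAuthPresent": "true"}))  # Allow, explicit allow
```

The important detail is that `evaluate` does not return as soon as it finds an Allow: it keeps scanning so that a Deny appearing in any later statement or policy still wins, which is exactly why a single Deny statement is a reliable guard rail.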
9. [Asked in Google] What is an AWS Root User? How should it be secured?
Answer:
The AWS Root User is the account owner identity, created with the account's e-mail address, and has full, unrestrictable permissions over all resources in that account. Best practices for securing it include:
- Enable MFA on the root user (a hardware security key is preferred).
- Do not create root access keys, and delete any that already exist.
- Do not use it for daily operations; create IAM Users (or, better, federated identities) with limited permissions and reserve root for the few tasks that require it, such as changing the support plan or closing the account.
- In AWS Organizations, service control policies (SCPs) do restrict the root user of member accounts, but they have no effect on the management account, so they are a complement to MFA rather than a substitute for it.
10. [Asked in Flipkart] How can you enforce the principle of least privilege using IAM?
Answer:
The Principle of Least Privilege (PoLP) means granting users only the permissions they need to perform their tasks, and nothing more.
Best practices:
- Use IAM roles and temporary credentials instead of static access keys.
- Write policies that list specific actions and resource ARNs rather than wildcards such as "Action": "*" or "Resource": "*".
- Add Condition elements (source IP, MFA, tags) where the task allows it.
- Regularly audit IAM users, roles, and policies, e.g., with IAM Access Analyzer and the service last-accessed data, and remove permissions that are never used.
Example:
- A developer should not have full admin access, only permissions to manage EC2 and Lambda.
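A quick way to catch least-privilege violations before a policy is attached is to lint the JSON for the patterns listed above. The following checker is an added example (not the page's or AWS's code) that flags Allow statements using "Action": "*", service-wide actions such as lambda:*, "Resource": "*" together with wildcard actions, and Allow combined with NotAction. The policy it scans is constructed for illustration; the account ID and ARNs are placeholders.

```python
# Constructed policy (not from the page) mixing one acceptable statement with
# three that grant far more than a least-privilege policy should.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DevEc2", "Effect": "Allow",
         "Action": ["ec2:DescribeInstances", "ec2:StartInstances", "ec2:StopInstances"],
         "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*"},
        {"Sid": "TooBroad", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "ServiceWide", "Effect": "Allow", "Action": "lambda:*", "Resource": "*"},
        {"Sid": "NotActionTrap", "Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    ],
}


def _as_list(value):
    # Action, NotAction and Resource may be a single string or a list.
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return a list of (statement id, finding) for Allow statements that are
    broader than least privilege. Deny statements only narrow access, so they
    are skipped. Findings are review prompts: a few APIs (e.g. ec2:DescribeInstances)
    genuinely require Resource '*', so a human still decides."""
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{index}]")
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))

        # Allow + NotAction grants every action except the ones listed.
        if "NotAction" in stmt:
            findings.append((sid, "Allow with NotAction grants every action not listed"))

        # "*" grants every API call in every service.
        if "*" in actions:
            findings.append((sid, "Action '*' grants every API call"))

        # "svc:*" grants every API call of one service, including destructive ones.
        for action in actions:
            if action != "*" and action.endswith(":*"):
                findings.append((sid, f"service-wide action '{action}'"))

        # Wildcard actions on every resource is the classic over-grant.
        if "*" in resources and any("*" in action for action in actions):
            findings.append((sid, "Resource '*' combined with wildcard actions"))
    return findings


def is_least_privilege(policy):
    """True when the linter raises no findings."""
    return not lint_policy(policy)


if __name__ == "__main__":
    for sid, finding in lint_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}")
```

Running this over `SAMPLE_POLICY` reports nothing for `DevEc2` and five findings across the other three statements; in practice the checker is most useful as a pre-commit or CI step over every policy document in an infrastructure repository.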
