📋 IAM Cheat Sheet

Everything CLF-C02 candidates need to know about IAM users, groups, roles, policies, MFA, and least privilege.

Core Building Blocks

  • IAM is a global service.
  • Users represent people or workloads with long-term credentials.
  • Groups collect users and make permission management easier.
  • Roles are assumed temporarily by AWS services, applications, users, or external identities.
  • Policies are JSON permissions documents that allow or deny actions on resources.

Security Basics

  • Enable MFA on the root user and avoid using the root user for daily tasks.
  • Use least privilege: grant only the permissions needed to perform a task.
  • Prefer roles for AWS services and cross-account access.
  • Explicit Deny overrides Allow.
  • Use IAM Identity Center for workforce access across AWS accounts.

Exam Cues

  • Need temporary credentials? Think IAM role or AWS STS.
  • Need centralized workforce sign-in? Think IAM Identity Center.
  • Need account-level guardrails across accounts? Think Organizations SCPs.
