📋 IAM and Security Cheat Sheet

Security questions on SOA-C03 often combine IAM policy evaluation, CloudTrail, KMS, AWS Config, and preventive guardrails (SCPs, permission boundaries) in a single scenario.

Access Evaluation

  • An explicit Deny in any applicable policy overrides every Allow; if nothing allows the action, the result is an implicit deny.
  • Effective access is what identity policies and resource policies grant, capped by SCPs, permission boundaries, and session policies; those three never grant permissions on their own. A resource policy in the same account can grant access by itself; across accounts both the resource policy and the caller's identity policy must allow the action.
  • Use IAM roles (not long-lived access keys) for AWS services and for temporary cross-account access via sts:AssumeRole.
  • Use IAM Access Analyzer to find resources shared with principals outside your account or organization, and CloudTrail to see which principal made which call, and which calls were denied, when troubleshooting unintended access.

Encryption

  • KMS key policies are the primary control over who can administer or use a key; IAM policies can grant KMS permissions only if the key policy delegates to them (the default key policy's account-root statement does this).
  • Grants provide temporary, scoped KMS permissions without editing the key policy; AWS services use them to encrypt and decrypt on your behalf.
  • An S3 bucket policy can deny s3:PutObject requests that lack the required s3:x-amz-server-side-encryption header (Null condition) or set it to the wrong value (StringNotEquals condition).
  • Secrets Manager supports automatic rotation: managed rotation for supported AWS services and Lambda-based rotation for other secrets.
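The evaluation rules in the Access Evaluation list and the S3 encryption-header bullet above, as an added worked example that is not code from this page or from AWS: a toy policy evaluator in Python that applies explicit-deny-wins, treats SCPs, permission boundaries and session policies as caps that never grant, and checks a constructed require-encryption bucket policy against uploads with a missing, wrong, and correct s3:x-amz-server-side-encryption header. Every policy document, bucket name and ARN here is made up. The evaluator is a deliberate simplification (only StringEquals, StringNotEquals and Null conditions; resource policies assumed same-account; NotAction, NotResource and Principal matching ignored) and is not the real IAM engine; treat its modelling of missing condition keys as an assumption to verify against the AWS documentation.

```python
"""Toy IAM policy evaluator (added example, not AWS code). Assumptions:
only StringEquals/StringNotEquals/Null conditions; resource policies are
same-account; NotAction/NotResource/Principal are ignored."""
import re

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _wild(pattern, value):
    """IAM-style wildcard match: '*' is any run, '?' a single character."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def _condition_ok(cond, ctx):
    for op, pairs in cond.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            values = [str(x) for x in _as_list(expected)]
            if op == "Null":  # Null:true matches when the key is absent
                if (actual is None) != (values[0].lower() == "true"):
                    return False
            elif op == "StringEquals":
                if actual is None or actual not in values:
                    return False
            elif op == "StringNotEquals":
                # Assumption: negated operators match when the key is absent.
                if actual is not None and actual in values:
                    return False
            else:
                raise ValueError(f"unsupported condition operator {op}")
    return True

def _matches(st, action, resource, ctx):
    return (any(_wild(a, action) for a in _as_list(st["Action"]))
            and any(_wild(r, resource) for r in _as_list(st.get("Resource", "*")))
            and _condition_ok(st.get("Condition", {}), ctx))

def _decision(policy, action, resource, ctx):
    """'Deny' if any matching statement denies, 'Allow' if any allows, else None."""
    effects = {st["Effect"] for st in _as_list(policy["Statement"])
               if _matches(st, action, resource, ctx)}
    return "Deny" if "Deny" in effects else "Allow" if "Allow" in effects else None

def evaluate(action, resource, ctx=None, *, identity=None, resource_policy=None,
             scp=None, boundary=None, session=None):
    """Return (decision, reason); decision is Allow, Deny or ImplicitDeny."""
    ctx = ctx or {}
    grants = {"identity": identity, "resource": resource_policy}
    caps = {"SCP": scp, "permission boundary": boundary, "session policy": session}
    # Rule 1: an explicit Deny in any applicable policy overrides every Allow.
    for name, pol in {**grants, **caps}.items():
        if pol and _decision(pol, action, resource, ctx) == "Deny":
            return "Deny", f"explicit deny in {name} policy"
    # Rule 2: caps never grant; each one present must allow the action.
    for name, pol in caps.items():
        if pol and _decision(pol, action, resource, ctx) != "Allow":
            return "ImplicitDeny", f"action not within {name}"
    # Rule 3: an identity policy or a same-account resource policy must grant.
    for name, pol in grants.items():
        if pol and _decision(pol, action, resource, ctx) == "Allow":
            return "Allow", f"allowed by {name} policy"
    return "ImplicitDeny", "no policy allows the action"

# Constructed sample policies; bucket and ARN names are made up.
IDENTITY = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
SCP = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"},
                     {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]}
BOUNDARY = {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
                           "Resource": "arn:aws:s3:::team-*/*"}]}
# Require-SSE bucket policy: one Deny for a wrong header value, one for a missing header.
SSE = "s3:x-amz-server-side-encryption"
BUCKET = {"Statement": [
    {"Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::team-data/*",
     "Condition": {"StringNotEquals": {SSE: "aws:kms"}}},
    {"Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::team-data/*",
     "Condition": {"Null": {SSE: "true"}}}]}
BKT, OBJ = "arn:aws:s3:::team-data", "arn:aws:s3:::team-data/report.csv"

def scenarios():
    """One decision per cheat-sheet rule, keyed by scenario name."""
    def put(ctx):
        return evaluate("s3:PutObject", OBJ, ctx, identity=IDENTITY, resource_policy=BUCKET)[0]
    return {
        "put_no_caps": evaluate("s3:PutObject", OBJ, identity=IDENTITY)[0],
        "delete_bucket_scp": evaluate("s3:DeleteBucket", BKT, identity=IDENTITY, scp=SCP)[0],
        "list_outside_boundary": evaluate("s3:ListBucket", BKT, identity=IDENTITY, boundary=BOUNDARY)[0],
        "put_no_sse_header": put({}),
        "put_wrong_sse": put({SSE: "AES256"}),
        "put_kms_sse": put({SSE: "aws:kms"}),
    }
```

Calling scenarios() shows the exam patterns side by side: the identity Allow on its own succeeds; the SCP's explicit Deny on s3:DeleteBucket wins over the identity s3:* Allow; s3:ListBucket is implicitly denied because the permission boundary lists only Get/PutObject even though the identity policy would allow it; and the bucket policy explicitly denies uploads with a missing or AES256 header while letting an aws:kms upload through.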

Exam Cues

  • Need an audit trail of who did what, and when: CloudTrail.
  • Need to detect noncompliant resource configuration: AWS Config rules.
  • Need to aggregate security findings across services and accounts: Security Hub.
  • Need to protect web apps at the edge or in front of an ALB: AWS WAF attached to CloudFront or the ALB.
