📋 IAM and Security Cheat Sheet

Security questions on SOA-C03 often combine IAM, CloudTrail, KMS, AWS Config, and preventive guardrails.

Why This Cheat Sheet Matters for SOA-C03

This cheat sheet covers the most important AWS Identity and Access Management concepts tested on the SOA-C03 (AWS CloudOps Engineer Associate) certification exam. It contains 3 sections with 12 key points that you should memorize before exam day. Practice least privilege, roles, policies, permission boundaries, instance profiles, federation, MFA, and access troubleshooting. Use this as a quick-reference guide during your final review sessions.

Access Evaluation

  • Explicit denies override allows.
  • Effective access can be limited by SCPs, permission boundaries, session policies, resource policies, and identity policies.
  • Use roles for AWS services and temporary cross-account access.
  • Use IAM Access Analyzer and CloudTrail to troubleshoot unintended access.

Encryption

  • KMS key policies control who can administer or use a key.
  • Grants provide scoped KMS permissions, often for AWS service integration.
  • S3 bucket policies can deny uploads that do not use required encryption headers.
  • Secrets Manager supports managed rotation for supported secrets.
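
The bucket-policy bullet above, as an added example that is not part of the original cheat sheet: a deny policy that requires the SSE-KMS header on uploads, with a simplified Python model of its two condition operators run against constructed request contexts. The bucket name, the statement Sids and the helper functions are assumptions for illustration, and the evaluator is not AWS's policy engine.

```python
BUCKET = "example-bucket"  # placeholder bucket name (assumption)
ENC_KEY = "s3:x-amz-server-side-encryption"  # S3 condition key for the SSE header

# Bucket policy: deny PutObject unless the request asks for SSE-KMS.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyWrongEncryptionHeader",  # Sid chosen for this example
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
            "Condition": {"StringNotEquals": {ENC_KEY: "aws:kms"}},
        },
        {
            "Sid": "DenyMissingEncryptionHeader",  # Sid chosen for this example
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
            "Condition": {"Null": {ENC_KEY: "true"}},
        },
    ],
}

def condition_matches(condition, context):
    """Simplified model of the two operators used above (not AWS's engine)."""
    for operator, checks in condition.items():
        for key, expected in checks.items():
            actual = context.get(key)
            if operator == "StringNotEquals":
                # Negated operators evaluate to true when the key is absent.
                ok = actual is None or actual != expected
            elif operator == "Null":
                # "true" matches an absent key, "false" matches a present one.
                ok = (actual is None) == (expected == "true")
            else:
                raise ValueError(f"operator not modelled: {operator}")
            if not ok:
                return False
    return True

def denying_sids(action, context):
    """Return the Sids of the Deny statements that match this request."""
    return [s["Sid"] for s in POLICY["Statement"]
            if s["Effect"] == "Deny" and s["Action"] == action
            and condition_matches(s["Condition"], context)]
```

`json.dumps(POLICY, indent=2)` produces the policy document itself. The explicit denies apply regardless of any allow the uploader holds, which is the "explicit denies override allows" rule from the Access Evaluation section.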

Exam Cues

  • Need an audit of who did what: CloudTrail.
  • Need to detect noncompliant resource configuration: AWS Config.
  • Need to aggregate security findings: Security Hub.
  • Need to protect web apps at the edge: AWS WAF with CloudFront or ALB.
