Advanced Vocabulary #cloud-security #iam #aws

Cloud Security Vocabulary

5 exercises — Practice cloud security vocabulary in English: IAM, RBAC, ABAC, least privilege, VPC, security groups, KMS, WAF, CSPM, and assume role patterns.

Core cloud security vocabulary clusters
  • Identity: IAM user, role, group, policy, principal, assume role, service account, OIDC federation
  • Access control: RBAC (role-based), ABAC (attribute-based), least privilege, permission boundary, SCPs (Service Control Policies)
  • Network security: VPC, security group (stateful), NACL (stateless), private subnet, VPC endpoint, PrivateLink
  • Data & detection: KMS (key management), envelope encryption, WAF, GuardDuty, CSPM, CloudTrail, Config
1 / 5
A cloud architect explains IAM roles to a developer who has been using long-lived access keys:
"Stop using access keys for your EC2 instances. Attach an IAM role to the instance instead. The instance metadata service vends temporary credentials — access key, secret key, and session token — that rotate automatically every hour. Your application uses the AWS SDK, which picks up these credentials automatically. No secrets in code, no secrets in environment variables. If credentials leak, they expire within an hour. This is the correct way to grant AWS permissions to workloads running in AWS."
What is the security advantage of an IAM role over long-lived IAM access keys?