InterviewStack.io

Cloud Identity and Access Management Questions

Comprehensive coverage of identity and access management in cloud environments. Candidates should understand identity models and authentication and authorization patterns, design and implement role-based access control and attribute-based access control, author and scope policies, apply permission boundaries and the principle of least privilege, and manage service identities and workload identities for virtual machines, containers, and serverless functions. Topics include federated identity and single sign-on, multi-factor authentication, service accounts and cross-account trust, ephemeral credentials and credential rotation, secrets and key management using vaults and hardware security modules, encryption key lifecycle, avoidance of hard-coded credentials, policy as code and automation with infrastructure as code, auditing and access logging for detection and compliance, and integration with enterprise identity providers. Interview scenarios assess policy design, least-privilege exercises, troubleshooting misconfigured permissions, and trade-offs between cloud-native managed services and custom solutions.

Medium / Technical
Write or describe a policy-as-code rule using OPA (Rego) or Gatekeeper constraints that prevents creation of IAM policies containing wildcard (*) actions or resource wildcards for production environments. Explain how you'd integrate this rule into CI/CD so non-compliant changes are rejected before merge.
Medium / System Design
Design an ABAC (attribute-based access control) model to support dynamic permissions in a tenant-based SaaS platform. Define candidate attributes (tenant_id, environment, role, project, data_sensitivity), explain where to evaluate policies (API gateway, centralized policy engine), how to propagate attributes through services, and how you'd test attribute integrity.
Easy / Technical
You're designing RBAC for a three-tier application (frontend, API/backend, data). Define a minimal set of roles (admin, developer, viewer) and map which permissions each role should have across compute, databases, object storage, and CI/CD. Describe constraints you would add (time-bound access, IP restrictions, MFA) and how you would test these roles before production rollout.
Medium / Technical
Write an AWS IAM policy JSON for a role that allows s3:GetObject on 'arn:aws:s3:::acme-data/*' only when the request originates from the corporate IP range 203.0.113.0/24 and is performed by a session authenticated with MFA. Include Condition blocks for both source IP and MFA.
Medium / Technical
You must enable an analytics pipeline in Account A to read data from S3 buckets in Account B without sharing long-lived credentials. Describe an AWS cross-account trust design using IAM roles and STS: include role assumptions, least-privilege policy snippets, conditions to limit scope (source VPC, MFA, external ID), and how you'd audit access.