InterviewStack.io

Cloud Identity and Access Management Questions

Comprehensive coverage of identity and access management in cloud environments. Candidates should understand identity models and authentication and authorization patterns, design and implement role based access control and attribute based access control, author and scope policies, apply permission boundaries and the principle of least privilege, and manage service identities and workload identities for virtual machines, containers, and serverless functions. Topics include federated identity and single sign on, multi factor authentication, service accounts and cross account trust, ephemeral credentials and credential rotation, secrets and key management using vaults and hardware security modules, encryption key lifecycle, avoidance of hard coded credentials, policy as code and automation with infrastructure as code, auditing and access logging for detection and compliance, and integration with enterprise identity providers. Interview scenarios assess policy design, least privilege exercises, troubleshooting misconfigured permissions, and trade offs between cloud native managed services and custom solutions.

Medium | System Design
Design an identity model for microservices running on Kubernetes (EKS/GKE/AKS) that need to call external cloud APIs and access secrets. Compare options: provider-native workload identity (IRSA/GKE Workload Identity), mounting static service account keys as secrets, and token-broker sidecars. Describe how you'd enforce least privilege, handle token rotation, and mitigate token exfiltration risks.
Easy | Technical
Explain multi-factor authentication (MFA) types (TOTP, SMS, push notifications, hardware tokens) and trade-offs for cloud console and API access. Design a policy that requires MFA for privileged console access but allows automated API calls for service identities without interactive MFA, while maintaining strong protections for service accounts.
Medium | Technical
Explain how a service mesh (e.g., Istio, Linkerd) can help with identity propagation and mTLS between microservices, and how it integrates with cloud IAM (service accounts or IAM roles). As an architect, when would you recommend adding a service mesh versus relying on cloud-native IAM-only controls?
Medium | Technical
Explain AWS IAM policy evaluation order and components: identity policies, resource policies, permission boundaries, service control policies (SCPs), and session policies. Provide a concise debugging checklist you would use when a user or role is unexpectedly denied an action.
Medium | System Design
Design an IAM strategy for a multi-tenant SaaS application where tenants share the same cloud account (logical isolation). Use permission boundaries, resource tagging, service accounts, and policies to ensure tenant isolation. Explain enforcement (runtime checks), tenant onboarding, and how you would audit to detect cross-tenant leaks.
