Question 1

List IAM access keys

Answer

aws iam list-access-keys --user-name devops-user

Permet de voir les clés actives et leur ID.

output:
{ "AccessKeyMetadata": [ { "AccessKeyId": "AKIAxxx", "Status": "Active" } ] }

Shows active access keys associated with an IAM user.

output:
{ "AccessKeyMetadata": [ { "AccessKeyId": "AKIAxxx", "Status": "Active" } ] }

Question 2

List EKS clusters

Answer

aws eks list-clusters

Renvoie tous les clusters Kubernetes gérés par EKS.

output:
{ "clusters": [ "dev-cluster", "prod-cluster" ] }

Retrieves the list of EKS clusters in the AWS account.

output:
{ "clusters": [ "dev-cluster", "prod-cluster" ] }

Question 3

List recent CloudTrail events

Answer

aws cloudtrail lookup-events --max-results 5

Affiche les derniers événements API (utile pour détecter anomalies IAM).

output:
{ "Events": [ { "EventName": "ConsoleLogin", "Username": "devops-user" } ] }

Vous pouvez répertorier les événements CloudTrail récents en utilisant la page Historique des événements dans la console de gestion AWS pour les 90 derniers jours ou en utilisant la commande `aws cloudtrail lookup-events` dans l'interface CLI AWS.Shows recent events recorded in AWS CloudTrail.

output:
{ "Events": [ { "EventName": "ConsoleLogin", "Username": "devops-user" } ] }

You can list recent CloudTrail events by using the Event history page in the AWS Management Console for the last 90 days or by using the `aws cloudtrail lookup-events` command in the AWS CLI.

Question 4

List security policies

Answer

aws iam list-policies --only-attached

Renvoie uniquement les policies IAM actuellement utilisées.

output:
{ "Policies": [ { "PolicyName": "AdministratorAccess" } ] }

Lists security policies and attached resources.

output:
{ "Policies": [ { "PolicyName": "AdministratorAccess" } ] }

Question 5

List IAM users

Answer

aws iam list-users

Affiche tous les utilisateurs IAM de l’organisation.

output:
{ "Users": [ { "UserName": "devops-user" } ] }

Lists all existing IAM users.

output:
{ "Users": [ { "UserName": "devops-user" } ] }

Question 6

Check when the IAM keys (AWS) were last used

Answer

aws iam get-access-key-last-used --access-key-id AKIAxxx

Affiche la dernière utilisation d’une clé IAM, très utile pour détecter les clés obsolètes.

output:
{ "AccessKeyLastUsed": { "LastUsedDate": "2025-09-25" } }

Displays the last usage date of an IAM access key.

Useful for detecting unused or stale keys.

output:
{ "AccessKeyLastUsed": { "LastUsedDate": "2025-09-25" } }

Question 7

Check IAM role permissions

Answer

aws iam list-attached-role-policies --role-name MyRole

Liste les policies rattachées à un rôle donné.

output:
{ "AttachedPolicies": [ { "PolicyName": "AdministratorAccess" } ] }

Displays permissions attached to a specific IAM role.

output:
{ "AttachedPolicies": [ { "PolicyName": "AdministratorAccess" } ] }

Question 8

List blobs in a container

Answer

az storage blob list --container-name mycontainer --output table

Affiche les objets d’un container Azure Blob Storage.

output:
Name          BlobType    Length
backup.tar.gz BlockBlob   512000

Lists all blobs inside an Azure Storage container.

output:
Name          BlobType    Length
backup.tar.gz BlockBlob   512000

Question 9

List AKS clusters

Answer

az aks list --output table

Liste les clusters Kubernetes managés sur Azure.

output:
Name          Location    ResourceGroup  KubernetesVersion
aks-prod      westeurope  RG-K8S         1.29.3

Lists all AKS clusters in the Azure subscription.

output:
Name          Location    ResourceGroup  KubernetesVersion
aks-prod      westeurope  RG-K8S         1.29.3

Question 10

List audit logs

Answer

az monitor activity-log list --max-events 5

Permet de voir les derniers événements d’audit (connexion, suppression de ressource).

output:
Caller : admin@company.com
Action : Microsoft.Resources/subscriptions/resourceGroups/delete

Displays Azure audit logs for security and operations.

output:
Caller : admin@company.com
Action : Microsoft.Resources/subscriptions/resourceGroups/delete

Question 11

List assigned IAM roles

Answer

az role assignment list --assignee <principal-id>

Montre les rôles attribués à un utilisateur, groupe ou service principal.

output:
RoleDefinitionName : Owner
Scope              : /subscriptions/xxx

Displays IAM roles assigned to a user or resource.

output:
RoleDefinitionName : Owner
Scope              : /subscriptions/xxx

Question 12

List privileged roles

Answer

az role assignment list --role "Owner"

Permet d’auditer les comptes avec des droits critiques comme Owner ou Contributor.

output:
PrincipalName : admin@company.com
Scope         : /subscriptions/xxx

Shows all privileged IAM roles in the tenant.

output:
PrincipalName : admin@company.com
Scope         : /subscriptions/xxx

Question 13

Switch kubeconfig context

Answer

gcloud container clusters get-credentials CLUSTER_NAME --zone europe-west1-b

Met à jour kubeconfig pour pointer vers un cluster GKE.

output:
Fetching cluster endpoint and auth data.
Merged kubeconfig entries.

Switches Kubernetes context to another GKE cluster.

output:
Fetching cluster endpoint and auth data.
Merged kubeconfig entries.

Question 14

List GKE clusters

Answer

gcloud container clusters list

Affiche tous les clusters GKE du projet.

output:
NAME         LOCATION       MASTER_VERSION  STATUS
prod-cluster europe-west1-b 1.29.4-gke.200  RUNNING

Retrieves all GKE clusters for the configured project.

output:
NAME         LOCATION       MASTER_VERSION  STATUS
prod-cluster europe-west1-b 1.29.4-gke.200  RUNNING

Question 15

List service accounts

Answer

gcloud iam service-accounts list

Affiche les comptes de service disponibles.

output:
DISPLAY NAME   EMAIL
sa-monitoring  monitoring@myproj.iam.gserviceaccount.com

Lists service accounts in the current GCP project.

output:
DISPLAY NAME   EMAIL
sa-monitoring  monitoring@myproj.iam.gserviceaccount.com

Question 16

List service account keys

Answer

gcloud iam service-accounts keys list --iam-account sa-monitoring@myproj.iam.gserviceaccount.com

Montre les clés actives pour un service account (vérifier rotation).

output:
KEY_ID          CREATED_AT            EXPIRES_AT
123abc456def    2025-01-12T08:00:00Z  never

Lists active keys linked to a service account..

output:
KEY_ID          CREATED_AT            EXPIRES_AT
123abc456def    2025-01-12T08:00:00Z  never

Question 17

List bucket objects

Answer

gsutil ls gs://my-bucket

Liste les fichiers dans un bucket Google Cloud Storage.

output:
gs://my-bucket/file1.txt
gs://my-bucket/file2.log

Lists all objects inside a Google Cloud Storage bucket.

output:
gs://my-bucket/file1.txt
gs://my-bucket/file2.log

Question 18

Check user permissions

Answer

gcloud projects get-iam-policy my-project --flatten="bindings[].members" --format="table(bindings.role)" --filter="bindings.members:user:alice@company.com"

Affiche uniquement les rôles IAM d’un utilisateur spécifique.

output:
ROLE
roles/viewer
roles/editor

Shows effective IAM permissions for a GCP user.

output:
ROLE
roles/viewer
roles/editor

Tech & DevOps HubEspace Tech & DevOps

Explorez le monde du Dev, du Cloud et des outils DevOps à travers nos articles et discussions Explore the world of development, the cloud and DevOps tools

Share +

</> DevOps Categories

Go Back

Cloud(AWS, Azure, GCP)

AWS

Azure

GCP