| « PreviousNext » | |
   | Did this page help you? Yes | No | Tell us about it... |
Getting Set Up
Topics
AWS Identity and Access Management (IAM) helps you securely control access to Amazon Web Services and your account resources. IAM can also keep your account credentials private. With IAM, you can create multiple IAM users under the umbrella of your AWS account or enable temporary access through identity federation with your corporate directory. In some cases, you can also enable access to resources across AWS accounts.
Without IAM, however, you must either create multiple AWS accounts—each with its own billing and subscriptions to AWS products—or your employees must share the security credentials of a single AWS account. In addition, without IAM, you cannot control the tasks a particular user or system can do and what AWS resources they might use.
This guide provides a conceptual overview of IAM, describes business use cases, and explains AWS permissions and policies.
Using IAM to Give Users Access to Your AWS Resources
Here are the ways you can use IAM to control access to your AWS resources.
| Type of access | Why would I use it? | Where can I get more information? |
|---|---|---|
|
Access for users under your AWS account |
You want to add users under the umbrella of your AWS account, and you want to use IAM to create users and manage their permissions. |
To learn how to use the AWS Management Console to create users and to manage their permissions under your AWS account, see Getting Started. To learn about using the IAM application programming interface (API) or command line interface (CLI) to create users under your AWS account, see Creating an Admins Group Using the CLI or API. For more information about working with IAM users, see Users and Groups. |
|
Non-AWS user access via identity federation between your authorization system and AWS |
You have non-AWS users in your identity and authorization system, and they need access to your AWS resources. |
To learn how to use security tokens to give your users access to your AWS account resources through federation with your corporate directory, go to Using Temporary Security Credentials. For information about the AWS Security Token Service API, go to the AWS Security Token Service API Reference. |
|
Cross-account access between AWS accounts |
You want to share access to certain AWS resources with users under other AWS accounts. |
To learn how to use IAM to grant permissions to other AWS accounts, see Roles or Cross-Account Access Using Resource-Based Policies. |
Do I Need to Sign Up for IAM?
IAM is a feature of your AWS account. If you are already signed up for a product that is integrated with IAM, you don't need to do anything else to sign up for IAM, nor will you be charged extra for using it.
Note
IAM works only with AWS products that are integrated with IAM. For a list of such products, see AWS Services that Support IAM.
If you don't already have an AWS account, you need to create one to use IAM. You create an AWS account when you sign up to use an AWS product for the first time.
To sign up for AWS
Go to http://aws.amazon.com, and then click Sign Up.
Follow the on-screen instructions.
Part of the sign-up procedure involves receiving a phone call and entering a PIN using the phone keypad.
AWS product documentation is available at AWS Documentation.
How Do I... ?
Here are some resources to help you get things done with AWS Identity and Access Management.
| How Do I... | Relevant Resources |
|---|---|
|
Learn more about the business cases for AWS Identity and Access Management | |
|
Get started with IAM | |
|
Get the release notes | |
|
Get the FAQ | |
|
Learn more about how IAM works | |
|
Get developer tools | |
|
Get the Java library | |
|
Get technical support | |
|
Get premium technical support | |
|
Get community support | |
|
Contact AWS |
For definitions of AWS terms, go to the Amazon Web Services Glossary.
