AWS Identity and Access Management
IAM User Guide

Credentials (Passwords, Access Keys, and MFA devices)

AWS offers many strategies to help you administer your users' credentials in IAM—that is, their passwords, access keys, and multi-factor authentication (MFA) devices.

To access your AWS account resources, users must have credentials. To use the AWS Management Console, users must have a password. To use the AWS Command Line Interface (AWS CLI), or the Tools for Windows PowerShell, or to make API calls, users must have an access key (an access key ID and secret access key). Users who access your resources only through the API, CLI, or PowerShell do not need a password.

For extra security, you can enable multi-factor authentication (MFA) for users. To add security, MFA requires users to enter an authentication code from a hardware device or virtual device and provide a password or access key as well.

Take advantage of the following options to administer passwords, access keys, and MFA devices: