AWS Artifact
User Guide

Getting Started

AWS Artifact offers a number of documents for downloading. Different documents may require you to delegate permissions differently for various user accounts. Permissions are delegated by using a combination of IAM policies and whitelisting. This Getting Started section shows you how to set up permissions and download reports by completing the following steps:

Step 1: Create an Admin Group and Add an IAM User

In this step, you create an Administrators group and add yourself as an IAM user to the group.

To create an IAM user for yourself and add the user to an Administrators group

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Users, and then choose Add user.

  3. For User name, type a user name, such as Administrator. The name can consist of letters, digits, and the following characters: plus (+), equal (=), comma (,), period (.), at (@), underscore (_), and hyphen (-). The name is not case sensitive and can be a maximum of 64 characters in length.

  4. Select the check box next to AWS Management Console access, select Custom password, and then type the new user's password in the text box. You can optionally select Require password reset to force the user to select a new password the next time the user signs in.

  5. Choose Next: Permissions.

  6. On the Set permissions for user page, choose Add user to group.

  7. Choose Create group.

  8. In the Create group dialog box, type the name for the new group. The name can consist of letters, digits, and the following characters: plus (+), equal (=), comma (,), period (.), at (@), underscore (_), and hyphen (-). The name is not case sensitive and can be a maximum of 128 characters in length.

  9. For Filter, choose Job function.

  10. In the policy list, select the check box for AdministratorAccess. Then choose Create group.

  11. Back in the list of groups, select the check box for your new group. Choose Refresh if necessary to see the group in the list.

  12. Choose Next: Review to see the list of group memberships to be added to the new user. When you are ready to proceed, choose Create user.

You can use this same process to create more groups and users, and to give your users access to your AWS account resources. To learn about using policies to restrict users' permissions to specific AWS resources, go to Access Management and Example Policies for Administering AWS Resources.

You can repeat the preceding steps to add other IAM users to the admin group.

Step 2: Create an IAM Policy

In this step, you create a permissions policy that grants permissions to the IAM users in the group so they can access the AWS Artifact documents. The following table shows the permissions that you can assign to IAM users based on the level of access that they need.

Permissions Type: Permissions to Download All Reports
IAM Policy Document:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "artifact:Get"
                ],
                "Resource": [
                    "arn:aws:artifact:::report-package/*"
                ]
            }
        ]
    }

Permissions Type: Permissions to Download All Agreements
IAM Policy Document:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "artifact:DownloadAgreement"
                ],
                "Resource": [
                    "arn:aws:artifact:::agreement/*"
                ]
            }
        ]
    }

Permissions Type: Permissions to Accept Agreements
IAM Policy Document:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "artifact:AcceptAgreement"
                ],
                "Resource": [
                    "*"
                ]
            }
        ]
    }

Permissions Type: Permissions to Terminate Agreements
IAM Policy Document:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "artifact:TerminateAgreement"
                ],
                "Resource": [
                    "*"
                ]
            }
        ]
    }

To create an IAM policy

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Policies.

  3. Choose Create Policy.

  4. Choose Create Your Own Policy.

  5. For Policy Name, type a unique name that helps you to remember what your policy is intended to do.

  6. For Description, type a description for your policy.

  7. For Policy Document, copy and paste one of the policy documents from the previous table, or copy and paste the following policy to grant access to ISO certification reports, PCI compliance reports, and Service Organization Control (SOC) reports:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "artifact:Get"
                ],
                "Resource": [
                    "arn:aws:artifact:::report-package/Certifications and Attestations/SOC/*",
                    "arn:aws:artifact:::report-package/Certifications and Attestations/PCI/*",
                    "arn:aws:artifact:::report-package/Certifications and Attestations/ISO/*"
                ]
            }
        ]
    }

    To remove permissions for a specific type of report, remove the line with that report type. For example, to remove the SOC reports, remove the following line:

    "arn:aws:artifact:::report-package/Certifications and Attestations/SOC/*",

  8. Choose Validate Policy.

  9. Choose Create Policy.

Now that you have created your policy, you can attach the policy to a non-admin group.
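
The following is an added example, not part of the original guide or AWS tooling. It shows what the scoped policy from step 7 grants, and what changes when the SOC resource line is removed, using a simplified evaluator for a single policy. The report names in the sample ARNs are constructed, and the helper names are hypothetical.

```python
import copy
import re

PREFIX = "arn:aws:artifact:::report-package/Certifications and Attestations/"

# Scoped policy from step 7 of "To create an IAM policy", as given on the page.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["artifact:Get"],
    "Resource": [PREFIX + "SOC/*", PREFIX + "PCI/*", PREFIX + "ISO/*"],
}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None

def is_allowed(policy, action, resource):
    """Simplified check of one identity policy: explicit Deny wins, else any
    matching Allow grants. Assumes no Condition, NotAction or NotResource."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        # Action names are case-insensitive in IAM; resource ARNs are not.
        if not any(_matches(a.lower(), action.lower()) for a in _as_list(stmt["Action"])):
            continue
        if not any(_matches(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

def without_report_type(policy, report_type):
    """Return a copy of the policy with one report type's resource line removed."""
    trimmed = copy.deepcopy(policy)
    for stmt in _as_list(trimmed["Statement"]):
        stmt["Resource"] = [r for r in _as_list(stmt["Resource"])
                            if r != f"{PREFIX}{report_type}/*"]
    return trimmed

if __name__ == "__main__":
    soc = PREFIX + "SOC/Example SOC Report"  # constructed sample ARN
    print(is_allowed(SCOPED_POLICY, "artifact:Get", soc))
    print(is_allowed(without_report_type(SCOPED_POLICY, "SOC"), "artifact:Get", soc))
```

Editing the parsed document rather than deleting a line of text avoids leaving a trailing comma when the removed entry is the last one in the Resource list, which would make the JSON invalid.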

Step 3: Create IAM Users

In the preceding steps, you created an admin group, added yourself to the group as an IAM user, and created a permissions policy. You can add other IAM users to the group at any time. You can also create non-admin groups and add IAM users to those groups. Now that you have created an admin user and a policy, create a group of IAM users and add each of the people that you want to have access to AWS Artifact documents. To do so, use the procedure from Step 1: Create an Admin Group and Add an IAM User, using the policy that you just created in Step 2 instead of AdministratorAccess.

Step 4: Download a Document

Now that you have set up your IAM users and policies, you can download a document by following the procedure in Downloading Documents.