The IAM Console and the Sign-in Page
The AWS Management Console provides a web-based way to administer AWS services. You can sign in to the console and create, list, and perform other tasks with AWS services for your account, such as starting and stopping Amazon EC2 instances and Amazon RDS databases, creating Amazon DynamoDB tables, creating IAM users, and so on.
If you're the account owner, you can sign in to the console directly. If you've created IAM users in your account, assigned passwords to those users, and given the users permissions, they can sign in to the console using a URL that's specific to your account.
This section provides information about the IAM-enabled AWS Management Console sign-in page and explains how to create a unique sign-in URL for your account. For information about creating user passwords, see Managing Passwords.
If your organization has an existing identity system, you might want to create a single sign-on (SSO) option that gives users access to the AWS Management Console for your account without requiring them to have an IAM user identity and without requiring them to sign in separately to your organization's site and to AWS. For more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console (Custom Federation Broker).
The User Sign-in Page
Users who want to use the AWS Management Console must sign in to your AWS account through a sign-in page that's specific to your account. You provide your users with the URL they need to access the sign-in page. You can find the URL for your account sign-in on the dashboard of the IAM console.
You can also sign in at the following endpoint and enter the account ID or alias manually, instead of it being embedded in the URL:
In addition to providing users with a URL to your account sign-in page, before users can sign in to your page, you must provide each user with a password and, if appropriate, an MFA device. For detailed information about passwords and MFA devices, see Managing Passwords and Using Multi-Factor Authentication (MFA) in AWS.
To locate your AWS account ID, go to the AWS AWS Security Credentials page. Your account ID is in the Account Identifiers section.
Your unique account sign-in page URL is created automatically when you begin using IAM. You don't have to do anything to use this sign-in web page.
You can also customize the account sign-in URL for your account if you want the URL to contain your company name (or other friendly identifier) instead of your AWS account ID number. For more information about customizing the account sign-in URL, see Your AWS Account ID and Its Alias.
To create a bookmark for your account sign-in page in your web browser, you should manually enter your account's sign-in URL in the bookmark entry. Don't use your web browser's "bookmark this page" feature because of redirects that obscure the sign-in URL.
The Root Account Sign-in Page
When users sign in to your AWS account, they sign in via the account sign-in page. For their convenience, this sign-in page uses a cookie to remember user status so that the next time a user goes to the AWS Management Console, the console uses the account sign-in page by default.
If you want to sign in to the console using your AWS root account credentials instead of IAM user credentials, go to the account sign-in page and then click Sign in using root account credentials. The Amazon Web Services sign-in page appears that you can use to sign in with your AWS root account credentials.