AWS Identity and Access Management
User Guide

Document History for IAM

The following table describes major documentation updates for IAM.

Change Description Date

Tagging IAM Users and Roles

You can now use IAM tags to add custom attributes to an identity (IAM user or role) using a tag key–value pair. You can also use tags to control an identity's access to resources or to control what tags can be attached to an identity.

November 14, 2018

U2F security keys

You can now use U2F security keys as a multi-factor authentication (MFA) option when signing in to the AWS Management Console.

September 25, 2018

Support for Amazon VPC endpoints

You can now establish a private connection between your VPC and AWS STS in the US West (Oregon) Region.

July 31, 2018

Permissions Boundaries

New feature makes it easier to grant trusted employees the ability to manage IAM permissions without also granting full IAM administrative access.

July 12, 2018


New condition key provides an easier way to control access to AWS resources by specifying the AWS organization of IAM principals.

May 17, 2018


New condition key provides an easier way to use IAM policies to control access to AWS Regions.

April 25, 2018

Increased session duration for IAM roles

An IAM role can now have a session duration of 12 hours.

March 28, 2018

Updated role-creation workflow

New workflow improves the process of creating trust relationships and attaching permissions to roles.

September 8, 2017

AWS account sign-in process

Updated AWS sign-in experience allows both root users and IAM users to use the Sign In to the Console link on the AWS Management Console's home page.

August 25, 2017

Example IAM policies

Documentation update features more than 30 example policies.

August 2, 2017

IAM best practices

Information added to the Users section of the IAM console makes it easier to follow IAM best practices.

July 5, 2017

Auto Scaling resources

Resource-level permissions can control access to and permissions for Auto Scaling resources.

May 16, 2017

Amazon RDS for MySQL and Amazon Aurora databases

Database administrators can associate database users with IAM users and roles and thus manage user access to all AWS resources from a single location.

April 24, 2017

Service-linked roles

Service-linked roles provide an easier and more secure way to delegate permissions to AWS services.

April 19, 2017

Policy summaries

New policy summaries make it easier to understand permissions in IAM policies.

March 23, 2017