Getting Set Up

AWS Identity and Access Management (IAM) helps you securely control access to Amazon Web Services (AWS) and your account resources. IAM can also keep your account credentials private. With IAM, you can create multiple IAM users under the umbrella of your AWS account or enable temporary access through identity federation with your corporate directory. In some cases, you can also enable access to resources across AWS accounts.

Without IAM, however, you must either create multiple AWS accounts—each with its own billing and subscriptions to AWS products—or your employees must share the security credentials of a single AWS account. In addition, without IAM, you cannot control the tasks a particular user or system can do and what AWS resources they might use.

This guide provides a conceptual overview of IAM, describes business use cases, and explains AWS permissions and policies.

Topics

Using IAM to Give Users Access to Your AWS Resources
Do I Need to Sign Up for IAM?
Additional Resources

Using IAM to Give Users Access to Your AWS Resources

Here are the ways you can use IAM to control access to your AWS resources.

Type of access	Why would I use it?	Where can I get more information?
Access for users under your AWS account	You want to add users under the umbrella of your AWS account, and you want to use IAM to create users and manage their permissions.	To learn how to use the AWS Management Console to create users and to manage their permissions under your AWS account, see Getting Started. To learn about using the IAM API or AWS Command Line Interface to create users under your AWS account, see Creating Your First IAM Admin User and Group. For more information about working with IAM users, see Identities (Users, Groups, and Roles).
Non-AWS user access via identity federation between your authorization system and AWS	You have non-AWS users in your identity and authorization system, and they need access to your AWS resources.	To learn how to use security tokens to give your users access to your AWS account resources through federation with your corporate directory, go to Temporary Security Credentials. For information about the AWS Security Token Service API, go to the AWS Security Token Service API Reference.
Cross-account access between AWS accounts	You want to share access to certain AWS resources with users under other AWS accounts.	To learn how to use IAM to grant permissions to other AWS accounts, see Roles Terms and Concepts.

Type of access

Why would I use it?

Where can I get more information?

Access for users under your AWS account

You want to add users under the umbrella of your AWS account, and you want to use IAM to create users and manage their permissions.

To learn how to use the AWS Management Console to create users and to manage their permissions under your AWS account, see Getting Started.

To learn about using the IAM API or AWS Command Line Interface to create users under your AWS account, see Creating Your First IAM Admin User and Group.

For more information about working with IAM users, see Identities (Users, Groups, and Roles).

Non-AWS user access via identity federation between your authorization system and AWS

You have non-AWS users in your identity and authorization system, and they need access to your AWS resources.

To learn how to use security tokens to give your users access to your AWS account resources through federation with your corporate directory, go to Temporary Security Credentials. For information about the AWS Security Token Service API, go to the AWS Security Token Service API Reference.

Cross-account access between AWS accounts

You want to share access to certain AWS resources with users under other AWS accounts.

To learn how to use IAM to grant permissions to other AWS accounts, see Roles Terms and Concepts.

Do I Need to Sign Up for IAM?

If you don't already have an AWS account, you need to create one to use IAM. You don't need to specifically sign up to use IAM. There is no charge to use IAM.

Note

IAM works only with AWS products that are integrated with IAM. For a list of services that support IAM, see AWS Services That Work with IAM.

To sign up for AWS

Open https://aws.amazon.com/, and then choose Create an AWS Account.

Note

If you previously signed in to the AWS Management Console using AWS account root user credentials, choose Sign in to a different account. If you previously signed in to the console using IAM credentials, choose Sign-in using root account credentials. Then choose Create a new AWS account.
Follow the online instructions.

Part of the sign-up procedure involves receiving a phone call and entering a verification code using the phone keypad.

Additional Resources

Here are some resources to help you get things done with IAM.

Manage your AWS account credentials: AWS Security Credentials in the AWS General Reference
Get started with and learn more about What Is IAM?
Set up a command line interface (CLI) to use with IAM. For the cross-platform AWS CLI, see the AWS Command Line Interface Documentation and IAM CLI reference. You can also manage IAM with Windows PowerShell; see the AWS Tools for Windows PowerShell Documentation and IAM Windows PowerShell reference.
Download an AWS SDK for convenient programmatic access to IAM: Tools for Amazon Web Services
Get the FAQ: AWS Identity and Access Management FAQ
Get technical support: AWS Support Center
Get premium technical support: AWS Premium Support Center
Find definitions of AWS terms: Amazon Web Services Glossary
Get community support: IAM Discussion Forums
Contact AWS: Contact Us

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

« Previous Next »