Getting set up with IAM
AWS Identity and Access Management (IAM) helps you securely control access to Amazon Web Services (AWS) and your account resources. IAM can also keep your account credentials private. With IAM, you can create multiple IAM users under the umbrella of your AWS account or enable temporary access through identity federation with your corporate directory. In some cases, you can also enable access to resources across AWS accounts.
Without IAM, however, you must either create multiple AWS accounts—each with its own billing and subscriptions to AWS products—or your employees must share the security credentials of a single AWS account. In addition, without IAM, you cannot control the tasks a particular user or system can do and what AWS resources they might use.
This guide provides a conceptual overview of IAM, describes business use cases, and explains AWS permissions and policies.
Using IAM to give users access to your AWS resources
Here are the ways you can use IAM to control access to your AWS resources.
Type of access | Why would I use it? | Where can I get more information? |
---|---|---|
Access for users in your AWS account | You want to add users under the umbrella of your AWS account, and you want to use IAM to create users and manage their permissions. | To learn how to use the AWS Management Console to create users and to manage their permissions in your AWS account, see Getting started with IAM. To learn about using the IAM API or AWS Command Line Interface to create users in your AWS account, see Creating your first IAM admin user and user group. For more information about working with IAM users, see IAM Identities (users, user groups, and roles). |
Non-AWS user access via identity federation between your authorization system and AWS | You have non-AWS users in your identity and authorization system, and they need access to your AWS resources. | To learn how to use session tokens to give your users access to your AWS account resources through federation with your corporate directory, go to Temporary security credentials in IAM. For information about the AWS Security Token Service API, go to the AWS Security Token Service API Reference. |
Cross-account access between AWS accounts | You want to share access to certain AWS resources with users under other AWS accounts. | To learn how to use IAM to grant permissions to other AWS accounts, see Roles terms and concepts. |
Do I need to sign up for IAM?
If you don't already have an AWS account, you need to create one to use IAM. You don't need to specifically sign up to use IAM. There is no charge to use IAM.
IAM works only with AWS products that are integrated with IAM. For a list of services that support IAM, see AWS services that work with IAM.
To sign up for AWS
Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.
Additional resources
Here are some resources to help you get things done with IAM.
- Manage your AWS account credentials: AWS Security Credentials in the AWS General Reference
- Get started with and learn more about IAM: What is IAM?
- Set up a command line interface (CLI) to use with IAM. For the cross-platform AWS CLI, see the AWS Command Line Interface Documentation and IAM CLI reference. You can also manage IAM with Windows PowerShell; see the AWS Tools for Windows PowerShell Documentation and IAM Windows PowerShell reference.
- Download an AWS SDK for convenient programmatic access to IAM: Tools for Amazon Web Services
- Get the FAQ: AWS Identity and Access Management FAQ
- Get technical support: AWS Support Center
- Get premium technical support: AWS Premium Support Center
- Find definitions of AWS terms: Amazon Web Services Glossary
- Get community support: IAM Discussion Forums
- Contact AWS: Contact Us