Getting started with IAM - AWS Identity and Access Management

Getting started with IAM

This topic shows you how to give access to your AWS resources by creating AWS Identity and Access Management (IAM) users in your AWS account. First, you'll learn about IAM concepts you should understand before you create groups and users, and then you'll walk through how to perform the necessary tasks using the AWS Management Console. The first task is to set up an administrators group for your AWS account. Having an administrators group for your AWS account isn't required, but we strongly recommend it.


This set of documentation deals primarily with the IAM service. To learn about getting started with AWS and using multiple services to solve a problem such as building and launching your first project, see the Getting Started Resource Center.

The following figure shows a simple example of an AWS account with three groups. A group is a collection of users who have similar responsibilities. In this example, one group is for administrators (it's called Admins). There's also a Developers group and a Test group. Each group has multiple users. Each user can be in more than one group, although the figure doesn't illustrate that. You can't put groups inside other groups. You use policies to grant permissions to groups.

      Example layout of AWS account, groups, and users

In the procedure that follows, you will perform the following tasks:

  • Create an Administrators group and give the group permission to access all of your AWS account's resources.

  • Create a user for yourself and add that user to the Administrators group.

  • Create a password for your user so you can sign in to the AWS Management Console.

You will grant the Administrators group permission to access all your available AWS account resources. Available resources are any AWS products you use, or that you are signed up for. Users in the Administrators group can also access your AWS account information, except for your AWS account's security credentials.