Initial IAM set up for your account
AWS Identity and Access Management is a foundational AWS service, that helps you to securely manage access to your AWS resources. Managing IAM provides a wide range of responsibilities to control user access and permissions, from supporting different user types to managing passwords, permissions, and security credentials.
You can use additional IAM services in your environment to help you with your identity and access management goals. Enable AWS IAM Identity Center with Organizations to create an organization instance of IAM Identity Center to centrally manage the access of people and groups to applications and AWS accounts. Use IAM Access Analyzer to help you manage permissions in your account and organization by reviewing access findings. To obtain temporary security credentials in IAM for workloads such as servers, containers, and applications that run outside of AWS, use IAM Roles Anywhere.
When you are initially setting up your AWS environment, you make decisions about:
-
The URL you use to connect to AWS. This URL is based off your AWS account id. For more information, see Viewing your AWS account ID. To make the URL easier to remember, you can configure an alias for your account.
-
How you will organize identities in your environment. You can use IAM Identity Center to add people to an organizational directory, categorize them into groups, and give them access to applications and resources. You can federate either IAM Identity Center or IAM with an external identity provider to integrate your existing identity source with AWS.
-
What permissions are required to perform different tasks. Permissions are controlled through policies that you can apply directly to IAM roles or that can be applied automatically to IAM roles created why you use IAM Identity Center to create a permission set.
-
Which IAM roles you need to support in your environment. There are several common scenarios that involve IAM roles that meet different access requirements.
As you create the different IAM components of your identity and access management system, you might need to refer back to other items that you have worked with in your environment. IAM provides a search feature to help you find things quickly and easily.