Welcome to the AWS Account Management Reference Guide

AWS accounts are a fundamental part of accessing AWS services.

An AWS account serves two basic functions:

  • Container – An AWS account is the basic container for all the AWS resources you create as an AWS customer. For example, an Amazon Simple Storage Service (Amazon S3) bucket, an Amazon Relational Database Service (Amazon RDS) database, and an Amazon Elastic Compute Cloud (Amazon EC2) instance are all resources. Every resource is uniquely identified by an Amazon Resource Name (ARN) that includes the account ID of the account that contains, or owns, the resource.

  • Security boundary – An AWS account is also the basic security boundary for your AWS resources. Resources that you create in your account are available to users who have credentials for your account.

    Among the key resources you can create in your account are identities, such as users and roles. Identities have credentials that someone can use to sign in (authenticate) to AWS. Identities also have permission policies that specify what a user can do (authorization) with the resources in the account.

    As a security best practice, require your users to use temporary credentials when accessing AWS. To provide temporary credentials, you can use federation and an identity provider, such as AWS IAM Identity Center (IAM Identity Center). If your company already uses an identity provider, use it with federation to simplify how you provide access to the resources in your AWS account.

    For information about security best practices, see Security best practices in IAM in the IAM User Guide.
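Both properties described above, the account ID carried in an ARN and the kind of credential an identity presents, can be checked in logs. The following added example (not code from the AWS guide) parses ARNs and audits CloudTrail-style records against one home account. The account IDs, key IDs and event IDs are constructed sample values, and because some ARN formats, such as S3 bucket ARNs, leave the account field empty, the code falls back to the record's `accountId`.

```python
import re

def parse_arn(arn):
    """Split arn:partition:service:region:account-id:resource into fields."""
    parts = arn.split(":", 5)  # the resource part may itself contain ':'
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    account = parts[4]
    # 12-digit account ID, "aws" for AWS-managed resources, or empty (S3 buckets)
    if account and not re.fullmatch(r"\d{12}|aws", account):
        raise ValueError(f"unexpected account field in {arn!r}")
    return {"partition": parts[1], "service": parts[2], "region": parts[3],
            "account": account or None, "resource": parts[5]}

def credential_kind(access_key_id):
    """AKIA prefixes long-term access keys, ASIA prefixes temporary (STS) keys."""
    return {"AKIA": "long-term", "ASIA": "temporary"}.get(access_key_id[:4], "unknown")

def audit(events, home_account):
    """Return (eventID, finding) pairs for activity recorded in home_account."""
    findings = []
    for ev in events:
        ident = ev["userIdentity"]
        if ident.get("accountId") != home_account:
            findings.append((ev["eventID"], "external-principal"))
        if credential_kind(ident.get("accessKeyId", "")) == "long-term":
            findings.append((ev["eventID"], "long-term-credential"))
        for res in ev.get("resources", []):
            # Fall back to the record's accountId when the ARN omits the account
            owner = parse_arn(res["ARN"])["account"] or res.get("accountId")
            if owner is None:
                findings.append((ev["eventID"], "owner-unknown"))
            elif owner != home_account:
                findings.append((ev["eventID"], "foreign-resource"))
    return findings

# Constructed sample records (CloudTrail field names, made-up values)
HOME = "111122223333"
SAMPLE_EVENTS = [
    {"eventID": "e1", "userIdentity": {"accountId": HOME, "accessKeyId": "ASIAEXAMPLEKEY000001"},
     "resources": [{"ARN": f"arn:aws:ec2:us-east-1:{HOME}:instance/i-0abc1234567890def"}]},
    {"eventID": "e2", "userIdentity": {"accountId": HOME, "accessKeyId": "AKIAIOSFODNN7EXAMPLE"},
     "resources": [{"ARN": "arn:aws:s3:::example-bucket", "accountId": HOME}]},
    {"eventID": "e3", "userIdentity": {"accountId": "444455556666", "accessKeyId": "ASIAEXAMPLEKEY000002"},
     "resources": [{"ARN": f"arn:aws:rds:us-east-1:{HOME}:db:orders"}]},
    {"eventID": "e4", "userIdentity": {"accountId": HOME, "accessKeyId": "ASIAEXAMPLEKEY000003"},
     "resources": [{"ARN": "arn:aws:s3:::partner-bucket"}]},
]

if __name__ == "__main__":
    for event_id, finding in audit(SAMPLE_EVENTS, HOME):
        print(event_id, finding)
```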