Set up AWS and IAM - AWS Certificate Manager

Set up AWS and IAM

Before you can use ACM, you must sign up for Amazon Web Services. As a best practice, you can create an IAM user to limit the actions your users can perform.

Sign up for AWS

If you are not already an Amazon Web Services (AWS) customer, you must sign up to be able to use ACM. Your account is automatically signed up for all available services, but you are charged for only the services that you use. Also, if you are a new AWS customer, you can get started for free. For more information, see AWS Free Tier.

To sign up for an AWS account
  1. Go to and choose Sign Up.

  2. Follow the on-screen instructions.


Part of the sign-up procedure includes receiving an automated telephone call and entering the supplied PIN on the telephone keypad. You must also supply a credit card number even if you are signing up for the free tier.

Create an IAM user

All AWS accounts have root user credentials (that is, the credentials of the account owner). These credentials allow full access to all resources in the account. Because you can't restrict permissions for root user credentials, we recommend that you delete your root user access keys. Then create AWS Identity and Access Management (IAM) user credentials for everyday interaction with AWS. For more information, see Lock away your AWS account (root) access keys in the IAM User Guide.


You may need AWS account root user access for specific tasks, such as changing an AWS support plan or closing your account. In these cases, sign in to the AWS Management Console with your email and password. See Email and Password (Root User).

For a list of tasks that require root user access, see AWS Tasks That Require AWS Account Root User.

With IAM, you can securely control access to AWS services and resources for users in your AWS account. For example, if you require administrator-level permissions, you can create an IAM user, grant that user full access, and then use those credentials to interact with AWS. If you need to modify or revoke your permissions, you can delete or modify the policies that are associated with that IAM user.

If you have multiple users that require access to your AWS account, you can create unique credentials for each user and define who has access to which resources. You don't need to share credentials. For example, you can create IAM users with read-only access to resources in your AWS account and distribute those credentials to your users.

ACM also provides two AWS managed policies that you can use:

  • AWSCertificateManagerFullAccess

  • AWSCertificateManagerReadOnly


Any activity or costs that are associated with the IAM user are billed to the AWS account owner.