Identity and access management in AWS Artifact

When you sign up for AWS, you provide an email address and password that are associated with your AWS account. These are your root credentials, and they provide complete access to all of your AWS resources, including resources for AWS Artifact. However, we strongly recommend that you don't use the root account for everyday access. We also recommend that you don't share account credentials with others to give them complete access to your account.

Instead of signing in to your AWS account with root credentials or sharing your credentials with others, you should create a special user identity called an IAM user for yourself and for anyone who might need access to a document or agreement in AWS Artifact. With this approach, you can provide individual sign-in information for each user, and you can grant each user only the permissions that they need to work with specific documents. You can also grant multiple IAM users the same permissions by granting the permissions to an IAM group and adding the IAM users to the group.

If you already manage user identities outside AWS, you can use IAM identity providers instead of creating IAM users. For more information, see Identity providers and federation in the IAM User Guide.

Contents

• Granting user access

• Migrating to fine-grained permissions for AWS Artifact reports

• Migrating to fine-grained permissions for AWS Artifact agreements

• Example IAM policies in commercial AWS Regions

• Example IAM policies in AWS GovCloud (US) Regions

• Using AWS managed policies

• Using service-linked roles

• Using IAM condition keys