Manage Permissions for Entities with IAM - AWS Control Tower

Manage Permissions for Entities with IAM

AWS Identity and Access Management (IAM) is an AWS service for controlling access to other AWS services. With IAM, you can centrally manage users, security credentials (such as access keys), and permissions that designate the AWS resources to which your users and applications are granted access.

When you set up your landing zone, a number of groups can be created automatically for AWS IAM Identity Center if you select IAM as your identity provider. These groups have permission sets, which are pre-defined permissions policies from IAM. Your end users can also use IAM to define the scope of permissions for IAM users and other entities within member accounts.

AWS Identity and Access Management (IAM) simplifies how you manage access to AWS accounts and business applications. You can control IAM Identity Center access and user permissions across all your AWS accounts in AWS Control Tower.

For more information, see the AWS IAM Identity Center User Guide.

If you are based in an AWS Region that does not support IAM, you can bring another identity provider to set up and maintain your own users and groups manually.