Using IAM in production environments

For production environments it is best practice to use IAM roles instead of access keys. The IAM role generates and rotates the temporary keys. Applications that run on AWS are authenticated and authorized to use AWS resources securely and seamlessly.

Example use case

Consider a scenario where your application calls an AWS Lambda function and that function accesses the Amazon DynamoDB table to perform create, read, update, delete (CRUD) operations and to add logs to Amazon CloudWatch. The following diagram illustrates this example. The Lambda function requires permissions to access the DynamoDB table and CloudWatch Logs. To grant these permissions, add an execution role when you create the Lambda function.

Using IAM roles for authentication in .NET Framework application
development

Resources

How to create an IAM policy to grant AWS Lambda access to an Amazon DynamoDB table (AWS Security blog)
Security best practices in IAM (IAM documentation)
AWS Lambda execution role (Lambda documentation)

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Using IAM in development environments

Using Amazon Cognito