Authentication and access - AWS SDKs and Tools

You must establish how your code authenticates with AWS when you develop with AWS services. You can configure programmatic access to AWS resources in different ways, depending on the environment and the AWS access available to you.

Authentication options for code running locally (not in AWS)

  • IAM Identity Center authentication – As a security best practice, we recommend using AWS Organizations with IAM Identity Center to manage access across all your AWS accounts. You can create users in AWS IAM Identity Center (successor to AWS Single Sign-On), use Microsoft Active Directory, use a SAML 2.0 identity provider (IdP), or individually federate your IdP to AWS accounts. To check if your Region supports IAM Identity Center, see AWS IAM Identity Center (successor to AWS Single Sign-On) endpoints and quotas in the Amazon Web Services General Reference.

  • Other ways to authenticate – Other options that might be less convenient or might increase the security risk to your AWS resources.

Authentication options for code running within an AWS environment

  • Using IAM roles for Amazon EC2 instances – Use IAM roles to securely run your application on an Amazon EC2 instance.

  • You can programmatically interact with AWS using IAM Identity Center in the following ways:

    • Use AWS CloudShell to run AWS CLI commands from the console.

    • Use AWS Cloud9 to start programming on AWS using an integrated development environment (IDE) with AWS resources.

    • To try a cloud-based collaboration space for software development teams, consider using Amazon CodeCatalyst.

More information about access management

The IAM User Guide has the following information about securely controlling access to AWS resources:

The Amazon Web Services General Reference has foundational basics on the following: