Determine your user type
How you sign in depends on what type of AWS user you are. You can manage an AWS account as a root user, an IAM user, a user in IAM Identity Center, or a federated identity. You can use an AWS Builder ID profile to access certain AWS services and tools. The different user types are listed below.
Root user
Also referred to as the account owner or account root user. As the root user, you have
complete access to all AWS services and resources in your AWS account. When you first
create an AWS account, you begin with a single sign-in identity that has complete access
to all AWS services and resources in the account. This identity is the AWS account
root user. You can sign in as the root user using the email address and password that you used to
create the account. Root users sign in with the AWS Management Console
Important
When you create an AWS account, you begin with one sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account. We strongly recommend that you don't use the root user for your everyday tasks. Safeguard your root user credentials and use them to perform the tasks that only the root user can perform. For the complete list of tasks that require you to sign in as the root user, see Tasks that require root user credentials in the IAM User Guide.
For more information about IAM identities including the root user, see IAM Identities (users, user groups, and roles).
IAM user
An IAM user is an entity you create in AWS. This user is an identity within your
AWS account that's granted specific custom permissions. Your IAM user credentials
consist of a name and password used to sign in to the AWS Management Console
For more information about IAM identities including the IAM user, see IAM Identities (users, user groups, and roles).
IAM Identity Center user
An IAM Identity Center user is a member of AWS Organizations and can be granted access to multiple AWS accounts and applications through the AWS access portal. If their company has integrated Active Directory or another identity provider with IAM Identity Center, users in IAM Identity Center can use their corporate credentials to sign-in. IAM Identity Center can also be an identity provider where an administrator can create users. Regardless of the identity provider, users in IAM Identity Center sign in using the AWS access portal, which is a specific sign-in URL for their organization. IAM Identity Center users can't sign in through the AWS Management Console URL.
Human users in IAM Identity Center can get the AWS access portal URL from either:
-
A message from their administrator or help desk employee
-
An email from AWS with an invitation to join IAM Identity Center
Tip
All emails sent by the IAM Identity Center service originate from either the address
<no-reply@signin.aws>
or <no-reply@login.awsapps.com>
. We
recommend that you configure your email system so that it accepts emails from these sender
email addresses and doesn't handle them as junk or spam.
For step by step instructions on how to sign in, see Sign in to the AWS access portal.
Note
We recommend you bookmark your organization's specific sign-in URL for the AWS access portal so that you can access it later.
For more information about IAM Identity Center, see What is IAM Identity Center?
Federated identity
A federated identity is a user who can sign in using a well-known external identity
provider (IdP), such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)
For more information, see Sign in as a federated identity.
AWS Builder ID user
As an AWS Builder ID user, you specifically sign in to the AWS service or tool that you want to access. An AWS Builder ID user complements any AWS account you already have or want to create. An AWS Builder ID represents you as a person, and you can use it to access AWS services and tools without an AWS account. You also have a profile where you can see and update your information. For more information, see Sign in with AWS Builder ID.