X

Enter Title

Text/HTML

AWS Identity and Access Management (IAM)

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources.

To get started using IAM, click on the Create New Account; or if you have already registered with AWS, sign into the AWS Management Console and get started with these IAM Best Practices.

Functionality

AWS IAM allows you to:

Manage IAM users and their access
You can create users in IAM, assign them individual security credentials (i.e., access keys, passwords, and multi-factor authentication devices) or request temporary security credentials to provide users access to AWS services and resources. You can manage permissions in order to control which operations a user can perform.

Manage IAM roles and their permissions
You can create roles in IAM, and manage permissions to control which operations can be performed by the entity, or AWS service, that assumes the role. You can also define which entity is allowed to assume the role.

Manage federated users and their permissions
You can enable identity federation to allow existing identities (e.g. users) in your enterprise to access the AWS Management Console, to call AWS APIs, and to access resources, without the need to create an IAM user for each identity.

Use Cases

Protect your AWS environment by using AWS Multi-Factor Authentication (MFA), a security feature available at no extra cost that augments username and password credentials. MFA requires users to prove physical possession of a hardware or virtual MFA device by providing a valid MFA code.

  • Fine-grained access control to AWS resources
    IAM enables your users to control access to AWS service APIs and to specific resources. IAM also enables you to add specific conditions to control how a user can use AWS, such as time of day, their originating IP address, whether they are using SSL, or whether they have authenticated with a multi-factor authentication device.
  • Integrate with your corporate directory
    IAM can be used to grant your employees, and applications federated access to AWS Management Console and AWS service APIs, using your existing identity systems like Microsoft Active Directory. You can use any identity management solution that supports SAML 2.0 or feel free to use one of our federation samples (AWS Console SSO or API federation).
  • Multi-Factor Authentication for highly privileged users
    Protect your AWS environment by using AWS Multi-Factor Authentication (MFA), a security feature available at no extra cost that augments username and password credentials. MFA requires users to prove physical possession of a hardware or virtual MFA device by providing a valid MFA code.
  • Manage access control for mobile applications with Web Identity Providers
    You can enable your mobile and browser-based applications to securely access AWS resources by requesting temporary security credentials that grant access only to specific AWS resources for a configurable period of time.

Back to Top