AWS Identity and Access Management

Securely manage identities and access to AWS services and resources

Why use AWS IAM?

Use AWS Identity and Access Management (IAM) to securely manage and scale workload and workforce access, supporting your agility and innovation in AWS.

Pricing

IAM is generally free to use

IAM allows for the creation of users, groups, and roles with fine-grained permissions at no cost. Costs only accrue when using advanced features of IAM Access Analyzer, such as unused access analysis or custom policy checks.

Benefits

Set permission guardrails and fine-grained access

Set and manage guardrails with broad permissions, and move toward least privilege by using fine-grained access controls for your workloads.

Manage workload identities across your AWS accounts

Manage identities across single AWS accounts or centrally connect identities to multiple AWS accounts.

Use temporary security credentials and permission sets to access your AWS resources

Grant temporary security credentials for workloads that access your AWS resources using IAM and grant your workforce access with AWS IAM Identity Center.

Analyze access and validate IAM policies as you move toward least privilege

Generate least-privilege policies, verify external and unused access to resources, and continually analyze to rightsize permissions.

Features

AWS IAM Access Analyzer

Streamline your journey toward least privilege. IAM Access Analyzer guides you toward least privilege by providing capabilities to set, verify, and refine permissions.

AWS IAM Identity Center

Connect your existing workforce identity source and centrally manage access to AWS. IAM Identity Center is a flexible solution that can be used to connect your existing identity source once and gives your AWS applications a common view of your users.

AWS IAM Roles Anywhere

Extend IAM roles to workloads running outside of AWS. You can use IAM Roles Anywhere to obtain temporary security credentials for your on-premises, hybrid, and multicloud workloads.

Use cases

Apply fine-grained permissions and scale with attribute-based access control

Create granular permissions based on user attributes—such as department, job role, and team name—by using attribute-based access control.

Manage per-account access or scale access across AWS accounts and applications

Manage per-account identities with IAM or use IAM Identity Center to provide multi-account access and application assignments across AWS.

Establish organization-wide and preventative guardrails on AWS

Use service control policies to establish permissions guardrails for IAM users and roles, and implement a data perimeter around your accounts in AWS Organizations.

Set, verify, and right-size permissions toward least privilege

Streamline permissions management and use cross-account findings as you set, verify, and refine policies on the journey toward least privilege.

 

FAQs

Have more questions?

Please see our full list of Frequently Asked Questions.

Resources

Documentation

This guide introduces you to IAM by explaining features that help you apply fine-grained permissions in AWS.

Discussion forum

AWS re:Post provides access to curated knowledge and a vibrant community.

Best practices

Follow these best practices to help secure your AWS resources using IAM.

What's new

Check out the latest with AWS IAM.

Amazon SageMaker now supports multi-region replication from IAM Identity Center

Amazon SageMaker now supports multi-region replication from IAM Identity Center (IdC), enabling you to deploy SageMaker Unified Studio domains in different regions from your IdC instance.

Amazon Route 53 Profiles now supports granular IAM permissions for resource and VPC associations

Amazon Route 53 Profiles now supports granular AWS Identity and Access Management (IAM) permissions, allowing you to control which users can manage specific resource types and VPC associations within your Profiles.

Ready to manage access at scale?

Specify who can access which AWS services and resources, and under which conditions.