Documentation
Introduces you to AWS Identity and Access Management, helps you set up users and groups, and shows you how to protect your resources with access control policies. Also shows how to connect to other identity services to grant external users access to your AWS resources.
Describes the AWS CLI commands that you can use to generate temporary security credentials. Provides syntax, options, and usage examples for each command.
Describes the AWS CLI commands that you can use to administer IAM. Provides syntax, options, and usage examples for each command.
Describes all the API operations for AWS STS in detail. Also provides sample requests, responses, and errors for the supported web services protocols.
Describes all the API operations for AWS Identity and Access Management in detail. Also provides sample requests, responses, and errors for the supported web services protocols.
Other Resources
Sample Code and Libraries: IAM-related sample code
Developer Tools: Command line and GUI-based tools for use with IAM APIs
IAM Discussion Forum: Discussion forum for IAM-related topics
Blog posts
Below is a list of announcements about IAM-related functionality published since 2010.
2019
- New for Identity Federation – Use Employee Attributes for Access Control in AWS
- Use IAM to share your AWS resources with groups of AWS accounts in AWS Organizations
- Continuously monitor unused IAM roles with AWS Config
- Identify unused IAM roles and remove them confidently with the last used timestamp
- IAM role-based authentication to Amazon Aurora from serverless applications
- Introducing fine-grained IAM roles for service accounts
- Working backward: From IAM policies and principal tags to standardized names and tags for your AWS resources
- Create fine-grained session permissions using IAM managed policies
- How to centralize and automate IAM policy creation in sandbox, development, and test environments
2018
- Automate analyzing your permissions using IAM access advisor APIs
- Simplify granting access to your AWS resources by using tags on AWS IAM users and roles
- Add Tags to Manage Your AWS IAM Users and Roles
- Use YubiKey security key to sign into AWS Management Console with YubiKey for multi-factor authentication
- AWS Organizations now requires email address verification in order to invite accounts to an organization
- Delegate permission management to developers by using IAM permissions boundaries
- How to access secrets across AWS accounts by attaching resource-based policies
- How to use IAM multifactor authentication with Amazon RDS
- An easier way to control access to AWS resources by using the AWS organization of IAM principals
- Easier way to control access to AWS regions using IAM policies
- How to Use Service Control Policies in AWS Organizations
- Enable Federated API Access to your AWS Resources for up to 12 hours Using IAM Roles
2017
- A New AWS Government, Education, and Nonprofits Blog Post: “AWS Achieves Full Empanelment for the Delivery of Cloud Services by India’s Ministry of Electronics and Information Technology”
- Introducing the New GDPR Center and “Navigating GDPR Compliance on AWS” Whitepaper
- How to Manage Amazon GuardDuty Security Findings Across Multiple Accounts
- Now Available: A New AWS Quick Start Reference Deployment for CJIS
- Introducing AWS Single Sign-On
- How to Easily Apply Amazon Cloud Directory Schema Changes with In-Place Schema Upgrades
- Newly Updated Whitepaper: FERPA Compliance on AWS
2016
- AWS CloudTrail Now Tracks Cross-Account Activity to Its Origin
- Now Create and Manage Users More Easily with the AWS IAM Console
- How to Add More Application Support to Your Microsoft AD Directory by Extending the Schema
- How to Assign Permissions Using New AWS Managed Policies for Job Functions
- re:Invent 2016 Security and Compliance Sessions with Seats Remaining
- In Case You Missed These: AWS Security Blog Posts from September and October
- How to Enable MFA Protection on Your AWS API Calls
2015
- Introducing s2n, a New Open Source TLS Implementation
- Customer Update—AWS and EU Safe Harbor
- How to Connect Your On-Premises Active Directory to AWS Using AD Connector
- How to Implement Federated API and CLI Access Using SAML 2.0 and AD FS
- Privacy and Data Security
- Enable a New Feature in the AWS Management Console: Cross-Account Access
- PCI Compliance in the AWS Cloud
- How to Help Prepare for DDoS Attacks by Reducing Your Attack Surface
2014
- A Recap of the AWS Security Blog in 2014
- Coming March 2015: Upgrades to IAM Policy Validation
- Introducing the IAM GetAccountAuthorizationDetails API
- Announcing OpenID Connect Support for Amazon Cognito
- At-a-glance view of last AWS sign in
- Easier role selection for SAML-based single sign-on
- Introducing the Redesigned IAM Console
2013
- Identity Federation using SAML 2.0
- Policy Simulator
- Resource-Level Permissions for EC2 and RDS Resources
- Web Identity Federation Playground
- AWS IAM now Supports Amazon, Facebook, and Google Identity Federation
- Variables in AWS Access Control Policies
2012
- Enable Single Sign On to the AWS Management Console
- Delegating API Access to AWS Services Using IAM Roles
- Identity and Access Management for the AWS Marketplace
- The AWS Report - Anders Samuelsson, AWS IAM
- New AWS Feature - MFA-Protected API Access
- IAM roles for EC2 instances – Simplified Secure Access to AWS service APIs from EC2
- AWS Storage Gateway - APIs and IAM Support
2011
- New - AWS Virtual (Software) Multi-Factor Authentication - RFC 6238 Support
- Integrated IAM Policy Generator
- Updated Mobile SDKs for AWS - Improved Credential Management
- AWS Identity and Access Management - Now With Identity Federation
- Identity and Access Management in the AWS Management Console
- IAM: AWS Identity and Access Management - Now Generally Available
- AWS Identity and Access Management Users Can Now Log in to the AWS Management Console
2010
Learn more about AWS IAM
