AWS Identity and Access Management (IAM) Resources
Best practices with IAM
Follow these IAM best practices to help secure your AWS resources using IAM. You can specify who can access which AWS services and resources, and under which conditions.
Documentation
IAM user guide
This guide introduces you to IAM by explaining IAM features that help you apply fine-grained permissions in AWS. The guide shows you how to grant access by defining and applying IAM policies to roles and resources. Additionally, this guide explains how IAM works and how you can use IAM to control access for your users and workloads.
IAM Access Analyzer user guide
This guide provides conceptual overviews on how to use IAM Access Analyzer to identify resources shared with an external entity, validate IAM policies, and generate IAM policies based on access activity.
IAM Roles Anywhere user guide
This guide provides conceptual overviews of IAM Roles Anywhere and explains how to use it to obtain temporary security credentials in IAM for workloads such as servers, containers, and applications that run outside of AWS.
References
AWS STS API Reference
This AWS Security Token Service (AWS STS) documentation describes the API operations for you to programmatically assume roles in AWS. The documentation also provides sample requests, responses, and errors for the supported web service protocols.
AWS STS section of the AWS CLI Command Reference
This AWS STS section of the AWS CLI Command Reference documentation describes the AWS CLI commands that you can use to generate temporary security credentials. The section also provides syntax, options, and usage examples for each command.
IAM section of the AWS CLI Command Reference
This IAM section of the AWS CLI Command Reference describes the AWS CLI commands you can use to administer IAM. The section also provides syntax, options, and usage examples for each command.
IAM API Reference
The IAM API Reference describes in detail all the API operations for IAM. This documentation also provides sample requests, responses, and errors for the supported web services protocols.
Other resources
Sample code and libraries: IAM-related sample code
Developer tools: Command line and GUI-based tools for use with IAM APIs
IAM discussion forum: Discussion forum for IAM-related topics
Workshops
Videos
Video playlists
Featured blog posts
- How to monitor and query IAM resources at scale - Part 1
- How to monitor and query IAM resources at scale - Part 2
- How to use policies to restrict where EC2 instance credentials can be used from
- How to visualize IAM Access Analyzer policy validation findings with Amazon Quicksight
- How to prioritize IAM Access Analyzer findings
- Extend AWS IAM roles to workloads outside of AWS with IAM Roles Anywhere
- How to use AWS Private Certificate Authority short-lived certificate mode
- Using AWS Distro for OpenTelemetry and IAM Roles Anywhere on-premises to ingest metrics into Amazon Managed Service for Prometheus