I want to grant least-privilege access to my AWS account and resources to particular users or groups of users. Can IAM help me do that?

Using IAM, you can create user identities ("IAM users") and assign custom permissions sets (“IAM policies”) to those users. This allows you to grant each user access only to the services, resources, and information they need to perform their tasks. Each user can also be assigned individualized security credentials, access keys, and multi-factor authentication devices.

You can also integrate IAM policies and permissions with directories you already manage (for example, Microsoft Active Directory, AWS Directory Service, or an OpenID Connect provider). For more information, see Identity Providers and Federation.

You can interact with IAM through the web-based IAM console, the AWS Command Line Interface, or the AWS API or SDKs. IAM is offered at no additional charge. For more information on how to get started with IAM, see Getting Started.

For a list of AWS services that support IAM, see AWS Services that Work with IAM.

Identity and Access Management, IAM, getting started

Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center.

Published: 2016-06-15