Use cases for IAM users - Amazon Identity and Access Management
Use cases for IAM users

IAM users that you create in your Amazon Web Services account have long-term credentials that you manage directly.

When it comes to managing access in Amazon, IAM users are generally not the best choice. There are a few key reasons why you should avoid relying on IAM users for most of your use cases.

First, IAM users are designed for individual accounts, so they don't scale well as your organization grows. Managing permissions and security for a large number of IAM users can quickly become a challenge.

IAM users also lack the centralized visibility and auditing capabilities that you get with other Amazon identity management solutions. This can make it more challenging to maintain security and regulatory compliance.

Finally, implementing security best practices like multi-factor authentication, password policies, and role separation is much easier with more scalable identity management approaches.

Instead of relying on IAM users, we recommend using more robust solutions like Organizations with IAM Identity Center, or federated identities from external providers. These options will give you better control, security, and operational efficiency as your Amazon environment grows.

As a result, we recommend that you only use IAM users for use cases not supported by federated users.

The following list identifies the specific use cases that require long-term credentials with IAM users in Amazon. You can use IAM to create these IAM users under the umbrella of your Amazon account, and use IAM to manage their permissions.

  • Emergency access to your Amazon account

  • Workloads that can't use IAM roles

    • Amazon CodeCommit access

    • Amazon Keyspaces (for Apache Cassandra) access

  • Third-party Amazon clients

  • Amazon IAM Identity Center isn't available for your account and you have no other identity provider
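To check an existing account against the list above, the following added example (not part of the original documentation) reviews an IAM credential report and flags IAM users whose long-term credentials fall outside an approved use case, lack MFA on a console password, or carry stale access keys. The sample report rows, the `APPROVED_USE_CASES` allowlist, and the 90-day key age threshold are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample using a subset of the IAM credential report columns.
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,not_supported,true,false,N/A,false,N/A
break-glass,true,true,false,N/A,false,N/A
codecommit-ci,false,false,true,2023-01-10T08:00:00+00:00,false,N/A
alice,true,false,true,2024-05-01T00:00:00+00:00,true,2021-03-15T12:00:00+00:00
"""

# Hypothetical allowlist: IAM user name -> use case from the list above.
APPROVED_USE_CASES = {
    "break-glass": "Emergency access to your Amazon account",
    "codecommit-ci": "Amazon CodeCommit access",
}
MAX_KEY_AGE_DAYS = 90  # assumed rotation policy, not stated on this page


def review_iam_users(report_csv, approved, now, max_key_age_days=MAX_KEY_AGE_DAYS):
    """Return {user: [findings]} for every IAM user with at least one finding."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":  # the root row is not an IAM user
            continue
        issues = []
        if user not in approved:
            issues.append("no approved use case for long-term credentials")
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            issues.append("console password without MFA")
        for n in ("1", "2"):
            rotated = row[f"access_key_{n}_last_rotated"]
            if row[f"access_key_{n}_active"] != "true" or rotated == "N/A":
                continue
            age = (now - datetime.fromisoformat(rotated)).days
            if age > max_key_age_days:
                issues.append(f"access key {n} is {age} days old")
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    as_of = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for name, issues in review_iam_users(SAMPLE_REPORT, APPROVED_USE_CASES, as_of).items():
        print(name, "->", "; ".join(issues))
```

An approved use case does not exempt a user from the other checks: `codecommit-ci` is on the allowlist but is still reported for its old access key.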