Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

How do I manage IAM?

Managing Amazon Identity and Access Management within an Amazon environment involves leveraging a variety of tools and interfaces. The most common method is through the Amazon Web Services Management Console, a web-based interface that allows you to perform a wide range of IAM administrative tasks, from creating users and roles to configuring permissions.

For users more comfortable with command line interfaces, Amazon provides two sets of command line tools - the Amazon Command Line Interface and the Amazon Tools for Windows PowerShell. These allow you to issue IAM-related commands directly from the terminal, often more efficiently than navigating the console. Additionally, Amazon CloudShell enables you to run CLI or SDK commands directly from your web browser, using the permissions associated with your console sign-in.

Beyond the console and command line, Amazon offers Software Development Kits (SDKs) for various programming languages, enabling you to integrate IAM management functionality directly into your applications. Alternatively, you can access IAM programmatically using the IAM Query API, which allows you to issue HTTPS requests directly to the service. Leveraging these different management approaches provides you with the flexibility to incorporate IAM into your existing workflows and processes.

Use the Amazon Web Services Management Console

The console is a browser-based interface to manage IAM and Amazon resources. For more information about accessing IAM through the console, see How to sign in to Amazon in the Amazon Sign-In User Guide.

Use the Amazon Command Line Tools

You can use the Amazon command line tools to issue commands at your system's command line to perform IAM and Amazon tasks. Using the command line can be faster and more convenient than the console. The command line tools are also useful if you want to build scripts that perform Amazon tasks.

Amazon provides two sets of command line tools: the Amazon Command Line Interface (Amazon CLI) and the Amazon Tools for Windows PowerShell. For information about installing and using the Amazon CLI, see the Amazon Command Line Interface User Guide. For information about installing and using the Tools for Windows PowerShell, see the Amazon Tools for Windows PowerShell User Guide.

After signing in to the console, you can use Amazon CloudShell from your browser to run CLI or SDK commands. The permissions for accessing Amazon resources are based on the credentials you used to sign-in to the console. Depending on your experience, you may find the CLI to be a more efficient method of managing your Amazon Web Services account. For more information, see Use Amazon CloudShell to work with Amazon Identity and Access Management

Use the Amazon SDKs

Amazon provides SDKs (software development kits) that consist of libraries and sample code for various programming languages and platforms (Java, Python, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to IAM and Amazon. For example, the SDKs take care of tasks such as cryptographically signing requests, managing errors, and retrying requests automatically. For information about the Amazon SDKs, including how to download and install them, see the Tools for Amazon Web Services page.

Use the IAM Query API

You can access IAM and Amazon programmatically by using the IAM Query API, which lets you issue HTTPS requests directly to the service. When you use the Query API, you must include code to digitally sign requests using your credentials. For more information, see Calling the IAM API using HTTP query requests and the IAM API Reference.