Resources to learn more about IAM
IAM is a rich product, and you'll find many resources to help you learn more about how IAM can help you secure your Amazon Web Services account and resources.
Identities
Consult these resources for creating, managing, and using identities.
- Manage identities in IAM Identity Center – Procedural information about creating users and groups in IAM Identity Center.
- IAM Identities – An in-depth discussion of users, groups, and roles.
Credentials (passwords, access keys, and MFA devices)
Review the following guides to manage passwords, access keys, and MFA devices for your Amazon Web Services account and for IAM users.
- User passwords in Amazon – Describes options for managing passwords for IAM users in your account.
- Manage access keys for IAM users – Describes how access keys work and how you can use them to make programmatic calls to Amazon. There are other more secure alternatives to access keys that we recommend you consider first. For more information, see Considerations and alternatives for long-term access keys in the Amazon Web Services General Reference guide.
- Amazon Multi-factor authentication in IAM – Describes how to configure your account and IAM users to require both a password and a one-time use code that is generated on a device before sign-in is allowed. (This is sometimes called two-factor authentication.)
For general information about the types of credentials you use to access Amazon Web Services, see Amazon Security Credentials in the Amazon Web Services General Reference guide.
Permissions and policies
Learn the inner workings of IAM policies and find tips on the best ways to confer permissions:
- Policies and permissions in Amazon Identity and Access Management – Introduces the policy language that is used to define permissions. Describes how permissions can be attached to users or groups or, for some Amazon products, to resources themselves.
- IAM JSON policy element reference – Provides descriptions and examples of each policy language element.
- IAM policy validation – Find resources for JSON policy validation.
- Example IAM identity-based policies – Shows examples of policies for common tasks in various Amazon products.
- Amazon Policy Generator – Create custom policies by choosing products and actions from a list.
- IAM Policy Simulator – Test whether a policy would allow or deny a specific request to Amazon.
Federation and delegation
You can grant access to resources in your Amazon Web Services account for users who are authenticated (signed in) elsewhere. These can be IAM users in another Amazon Web Services account (known as delegation), users who are authenticated with your organization's sign-in process, or users from an Internet identity provider like Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC) compatible identity provider. In these cases, the users get temporary security credentials to access Amazon resources.
- IAM tutorial: Delegate access across Amazon accounts using IAM roles – Guides you through granting cross-account access to an IAM user in another Amazon Web Services account.
- Common scenarios for temporary credentials – Describes ways in which users can be federated into Amazon after being authenticated outside of Amazon.
IAM and other Amazon products
Most Amazon products are integrated with IAM so that you can use IAM features to help protect access to the resources in those products. The following resources discuss IAM and security for some of the most popular Amazon products. For a complete list of products that work with IAM, including links to more information on each, see Amazon services that work with IAM.
Using IAM with Amazon EC2
- Controlling Access to Amazon EC2 Resources – Describes how to use IAM features to permit users to administer Amazon EC2 instances, volumes, and more.
- Use instance profiles – Describes how to use IAM roles to securely provide credentials for applications that run on Amazon EC2 instances and that need access to other Amazon products.
Using IAM with Amazon S3
- Managing Access Permissions to Your Amazon S3 Resources – Discusses the Amazon S3 security model for buckets and objects, which includes IAM policies.
- Writing IAM Policies: Grant Access to User-Specific Folders in an Amazon S3 Bucket – Discusses how to let users protect their own folders in Amazon S3. (For more posts about Amazon S3 and IAM, choose the S3 tag below the title of the blog post.)
Using IAM with Amazon RDS
- Using Amazon Identity and Access Management (IAM) to Manage Access to Amazon RDS Resources – Describes how to use IAM to control access to database instances, database snapshots, and more.
- A Primer on RDS Resource-Level Permissions – Describes how to use IAM to control access to specific Amazon RDS instances.
Using IAM with Amazon DynamoDB
- Using IAM to Control Access to DynamoDB Resources – Describes how to use IAM to permit users to administer DynamoDB tables and indexes.
General security practices
Find expert tips and guidance on the best ways to secure your Amazon Web Services account and resources:
- Best Practices for Security, Identity, & Compliance – Find resources for how to manage security across Amazon Web Services accounts and products, including suggestions for security architecture, use of IAM, encryption and data security, and more.
- Identity and Access Management – The Amazon Well-Architected Framework helps you understand key concepts, design principles, and architectural best practices for designing and running workloads in the cloud.
- Security best practices in IAM – Offers recommendations for ways to use IAM to help secure your Amazon Web Services account and resources.
- Amazon CloudTrail User Guide – Use Amazon CloudTrail to track a history of API calls made to Amazon and store that information in log files. This helps you determine which users and accounts accessed resources in your account, when the calls were made, what actions were requested, and more.
General resources
Explore the following resources to learn more about IAM and Amazon.
- Product Information for IAM – General information about the Amazon Identity and Access Management product.
- Amazon Web Services re:Post for Amazon Identity and Access Management – Visit Amazon Web Services re:Post to discuss technical questions related to IAM with the Amazon community.
- Getting Started Resource Center – Learn how to set up your Amazon Web Services account, join the Amazon community, and launch your first application.
- Amazon Web Services Support Center – The hub for creating and managing your Amazon Web Services Support cases. Also includes links to other helpful resources, such as forums, technical FAQs, service health status, and Amazon Trusted Advisor.
- Amazon Web Services Support – The primary webpage for information about Amazon Web Services Support, a one-on-one, fast-response support channel to help you build and run applications in the cloud.
- Contact Us – A central contact point for inquiries concerning Amazon billing, account, events, abuse, and other issues.
- Amazon Site Terms – Detailed information about our copyright and trademark; your account, license, and site access; and other topics.