Welcome to the Amazon Account Management Reference Guide

Amazon Web Services accounts are a fundamental part of accessing Amazon services.

An Amazon Web Services account serves two basic functions:

Container – An Amazon Web Services account is the basic container for all the Amazon resources you create as an Amazon customer. For example, an Amazon Simple Storage Service (Amazon S3) bucket, an Amazon Relational Database Service (Amazon RDS) database, and an Amazon Elastic Compute Cloud (Amazon EC2) instance are all resources. Every resource is uniquely identified by an Amazon Resource Name (ARN) that includes the account ID of the account that contains, or owns, the resource.
Security boundary – An Amazon Web Services account is also the basic security boundary for your Amazon resources. Resources that you create in your account are available to users who have credentials for your account.

Among the key resources you can create in your account are identities, such as users and roles. Identities have credentials that someone can use to sign in (authenticate) to Amazon. Identities also have permission policies that specify what a user can do (authorization) with the resources in the account.

As a security best practice, require your users to use temporary credentials when accessing Amazon. To provide temporary credentials, you can use federation and an identity provider, such as Amazon IAM Identity Center (IAM Identity Center). If your company already uses an identity provider, use it with federation to simplify how you provide access to the resources in your Amazon Web Services account.

For information about security best practices, see Security best practices in IAM in the IAM User Guide.

Topics

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Do I need multiple Amazon Web Services accounts?