Amazon Identity and Access Management - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Amazon Identity and Access Management

Amazon Config integrates with Amazon Identity and Access Management (IAM), which allows you to create permission policies to attach to your IAM role, Amazon S3 buckets and Amazon Simple Notification Service (Amazon SNS) topics. You can use Amazon Identity and Access Management to create Amazon Config permission policies to attach to the IAM roles. A policy is a set of statements that grants Amazon Config permissions.

Important

We consider it a best practice not to use root account credentials to perform everyday work in Amazon. Instead, we recommend that you create an IAM administrators group with appropriate permissions, create IAM users for the people in your organization who need to perform administrative tasks (including for yourself), and add those users to the administrative group. For more information, see IAM Best Practices in the IAM User Guide guide.

The first two topics control user permissions for Amazon Config followed by topics that provide accurate configuration information about permissions needed for Amazon Config. The topics provide examples of recommended IAM policies to use with the Amazon Config console and the Amazon Command Line Interface.