

# Identity and Access Management for Amazon ParallelCluster
<a name="security-iam"></a>

Amazon ParallelCluster uses roles to access your Amazon resources and their services. The instance and user policies that Amazon ParallelCluster uses to grant permissions are documented at [Amazon Identity and Access Management permissions in Amazon ParallelCluster](iam-roles-in-parallelcluster-v3.md).

The only major difference from console access is how you authenticate when you use a standard user with long-term credentials. Although a user requires a password to access an Amazon service's console, that same user requires an access key pair to perform the same operations using Amazon ParallelCluster. All other short-term credentials are used in the same way that they are used with the console.

The credentials used by Amazon ParallelCluster are stored in plaintext files and are ***not*** encrypted.
+ The `$HOME/.aws/credentials` file stores long-term credentials required to access your Amazon resources. These include your access key ID and secret access key.
+ Short-term credentials, such as those for roles that you assume or those for Amazon IAM Identity Center services, are also stored, in the `$HOME/.aws/cli/cache` and `$HOME/.aws/sso/cache` folders, respectively.

**Mitigation of Risk**
+ We strongly recommend that you configure your file system permissions on the `$HOME/.aws` folder and its child folders and files to restrict access to only authorized users.
+ Use roles with temporary credentials wherever possible to reduce the opportunity for damage if the credentials are compromised. Use long-term credentials only to request and refresh short-term role credentials.
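
One way to apply the file system permission recommendation above, as an added example that is not part of the original Amazon documentation: a POSIX shell audit that lists anything under `$HOME/.aws` that grants a permission bit to group or other, plus a hardening step that sets owner-only modes. The function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths are from this page.

# List files and directories under $1 (default: $HOME/.aws) that grant any
# permission bit to group or other. Only POSIX find primaries are used.
audit_aws_dir() {
    dir=${1:-"$HOME/.aws"}
    [ -d "$dir" ] || return 0
    find "$dir" \( -type f -o -type d \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of loose entries found by audit_aws_dir.
count_loose() {
    audit_aws_dir "$1" | wc -l | tr -d ' '
}

# Restrict the tree to its owner: 700 on directories, 600 on files.
# Symbolic links are skipped so chmod never follows one out of the tree.
harden_aws_dir() {
    dir=${1:-"$HOME/.aws"}
    [ -d "$dir" ] || return 0
    find "$dir" -type d -exec chmod 700 {} +
    find "$dir" -type f -exec chmod 600 {} +
}

# Build a constructed credential tree with deliberately loose modes so the
# audit has something to report. Contents are placeholders, not real keys.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/.aws/cli/cache" "$root/.aws/sso/cache"
    printf '[default]\naws_access_key_id = EXAMPLE\n' > "$root/.aws/credentials"
    printf '{}\n' > "$root/.aws/cli/cache/role.json"
    printf '{}\n' > "$root/.aws/sso/cache/token.json"
    chmod 755 "$root/.aws" "$root/.aws/cli" "$root/.aws/cli/cache"
    chmod 700 "$root/.aws/sso" "$root/.aws/sso/cache"
    chmod 644 "$root/.aws/credentials" "$root/.aws/cli/cache/role.json"
    chmod 600 "$root/.aws/sso/cache/token.json"
    printf '%s\n' "$root/.aws"
}
```

Run `audit_aws_dir` with no argument to check your own `$HOME/.aws`; an empty result means no entry is accessible to group or other.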