Signing in to the Amazon Web Services access portal
The Amazon Web Services access portal provides IAM Identity Center users with single sign-on access to all their assigned
Amazon Web Services accounts and applications through a web portal. The following outlines how you can sign
in to the Amazon Web Services access portal, tips for signing in, and how to sign out of the Amazon Web Services access portal. To learn
how to sign in the Amazon Web Services access portal as an IAM Identity Center user, see Sign in to the Amazon Web Services access portal
Prerequisites
IAM Identity Center needs to be enabled to use the Amazon Web Services access portal. For more information, see Enable IAM Identity Center
Note
After you sign in, the default duration for your Amazon Web Services access portal session is 8 hours. Be aware that an administrator can change the duration of this session.
Sign in to the Amazon Web Services access portal
The following steps are for IAM Identity Center administrator to confirm that the IAM Identity Center user can sign in to the Amazon Web Services access portal and access the Amazon Web Services account.
Sign in to the Amazon Web Services access portal
-
Do either of the following to sign in to the Amazon Web Services Management Console.
-
New to Amazon (root user) – Sign in as the account owner by choosing Root user and entering your Amazon Web Services account email address. On the next page, enter your password.
-
Already using Amazon (IAM credentials) – Sign in with your IAM credentials and select an admin role.
-
-
Open the IAM Identity Center console
. -
In the navigation pane, choose Dashboard.
-
On the Dashboard page, under Settings summary, choose the Amazon Web Services access portal URL.
-
Sign in by using either of the following:
-
If you're using Active Directory or an external identity provider (IdP) as your identity source, sign in by using the credentials of the Active Directory or IdP user.
-
If you're using the default Identity Center directory as your identity source, sign in by using the username that you specified when you created the user and the new password that you specified for the user.
-
-
In the Accounts tab, locate your Amazon Web Services account and expand it.
-
The roles available to you are displayed. For example, if you're assigned both the AdministratorAccess permission set and Billing permissions sets, those roles are displayed in the Amazon Web Services access portal. Choose the IAM role name you want to use for the session.
-
If you're redirected to the Amazon Management Console you successfully finished setting up access to the Amazon Web Services account.
Note
If you don't see any Amazon Web Services accounts listed, it's likely that the user hasn't yet been assigned to a permission set for that account. For instructions on assigning users to a permission set, see Assign user or group access to Amazon Web Services accounts.
Now that you've confirmed that you can sign in using IAM Identity Center credentials, switch to the browser that you used to sign into the Amazon Web Services Management Console and sign out from your root user or IAM user credentials.
Important
We strongly recommend that you use the credentials of the IAM Identity Center administrative user when you sign in to the Amazon Web Services access portal to perform administrative tasks instead of using IAM user or root user credentials. Safeguard your root user credentials and use them to perform the tasks that only the root user can perform. To enable other users to access your accounts and applications, and to administer IAM Identity Center, create and assign permission sets only through IAM Identity Center.
Trusted devices
When you choose the option This is a trusted device from the sign-in page, IAM Identity Center considers all future sign-ins from that device as authorized. This means that IAM Identity Center won't present an option to enter in an MFA code as long as you're using that trusted device. However, there are some exceptions, including signing in from a new browser or when your device has been issued an unknown IP address.
Sign in tips for the Amazon Web Services access portal
Here are some tips to help you manage your Amazon Web Services access portal experience.
-
Occasionally, you might need to sign out and sign back in to the Amazon Web Services access portal. This might be necessary to access new applications that your administrator recently assigned to you. This is not required, however, because all new applications are refreshed every hour.
-
When you sign in to the Amazon Web Services access portal, you can open any of the applications listed in the portal by choosing the application’s icon. After you are done using the application, you can either close the application or sign out of the Amazon Web Services access portal. Closing the application signs you out of that application only. Any other applications that you have opened from the Amazon Web Services access portal remain open and running.
-
Before you can sign in as a different user, you must first sign out of the Amazon Web Services access portal. Signing out from the portal completely removes your credentials from the browser session.
-
Once you sign in to the Amazon Web Services access portal, you can switch to a role. Switching roles temporarily sets aside your original user permissions and instead gives you the permissions assigned to the role. For more information, see Switching to a role (console)
.
Signing out of the Amazon Web Services access portal
When you sign out from the portal, your credentials are completely removed from the browser session. For more information, see Sign out of the Amazon Web Services access portal in the Amazon Sign-In guide.
To sign out of the Amazon Web Services access portal
-
In the Amazon Web Services access portal, choose Sign out from the navigation bar.
Note
If you want to sign in as a different user, you must first sign out of the Amazon Web Services access portal.