AWS Identity and Access Management (IAM) Resources

AWS Identity & Access Management

Best practices with IAM

Follow these IAM best practices to help secure your AWS resources using IAM. You can specify who can access which AWS services and resources, and under which conditions.

Best practices with IAM

Documentation

IAM user guide

IAM user guide

This guide introduces you to IAM by explaining IAM features that help you apply fine-grained permissions in AWS. The guide shows you how to grant access by defining and applying IAM policies to roles and resources. Additionally, this guide explains how IAM works and how you can use IAM to control access for your users and workloads.

HTML | PDF | Kindle

IAM Access Analyzer user guide

IAM Access Analyzer user guide

This guide provides conceptual overviews on how to use IAM Access Anaylzer to identify resources shared with an external entity, validate IAM policies, and generate IAM policies based on access activity.

HTML | PDF

IAM Roles Anywhere user guide

IAM Roles Anywhere user guide

This guide provides conceptual overviews of IAM Roles Anywhere and explains how to use it to obtain temporary security credentials in IAM for workloads such as servers, containers, and applications that run outside of AWS.

HTML | PDF

References

AWS STS API Reference

AWS STS API Reference

This AWS Security Token Service (AWS STS) documentation describes the API operations for you to programmatically assume roles in AWS. The documentation also provides sample requests, responses, and errors for the supported web service protocols.

AWS STS section of the AWS CLI Command Reference

AWS STS section of the AWS CLI Command Reference

This AWS STS section of the AWS CLI Command Reference documentation describes the AWS CLI commands that you can use to generate temporary security credentials. The section also provides syntax, options, and usage examples for each command.

IAM section of the AWS CLI Command Reference

IAM section of the AWS CLI Command Reference

This IAM section of the AWS CLI Command Reference describes the AWS CLI commands you can use to administer IAM. The section also provides syntax, options, and usage examples for each command.

IAM API Reference

IAM API Reference

The IAM API Reference describes in detail all the API operations for IAM. This documentation also provides sample requests, responses, and errors for the supported web services protocols.

Other resources

Sample code and libraries: IAM-related sample code

Developer tools: Command line and GUI-based tools for use with IAM APIs

IAM discussion forum: Discussion forum for IAM-related topics

Workshops

IAM overview lab

This hands on lab is broken into launching EC2 instances with tags, creating IAM identities, testing access for resources, and assigning IAM roles for EC2 instances.

Visit workshop

Integrating IAM Access Analyzer in a CI/CD pipeline

In this workshop, learn how to use IAM Access Analyzer policy validation feature, build a CI/CD pipeline using AWS services, and incorporate IAM Access Analyzer policy validation checks into your CI/CD pipeline.

Visit workshop

Deep dive on IAM Roles Anywhere

This workshop will allow you to dive deep on AWS IAM Roles Anywhere and have a better understanding on how to get access to temporary IAM credentials for workloads outside of AWS.

Visit workshop

Videos

IAM policy power hour – AWS re:Inforce 2024 (51:33)

AWS re:Inforce 2022 - Security best practices with AWS IAM (IAM201)

AWS re:Inforce 2022 - How to achieve least privilege (IAM303)

Managing hybrid workloads with IAM Roles Anywhere, featuring Hertz (45:03)

Accessing AWS services from workloads running outside of AWS (43:41)

AWS re:Invent 2022 - Harness IAM policies & rein in permissions with IAM Access Analyzer (SEC313)

Videos

AWS re:Invent 2022 - Running services without access to data (SEC327)

AWS re:Invent 2022 - A day in the life of a billion requests (SEC404)

AWS re:Invent 2022 - How AWS uses math to prove security (SEC310)

Video playlists

A playlist of security-related videos from AWS re:Invent 2022

Videos about security-related topics from AWS re:Invent 2022

View playlist

A playlist of IAM Access Analyzer videos

Videos about IAM Access Analyzer, which uses automated reasoning to determine all possible access paths allowed by a resource-based policy.

View playlist

AWS re:Inforce 2022 playlist - Identity & access management sessions

AWS re:Inforce 2022 videos that cover identity and access management.

View playlist

Featured blog posts

Blog posts

Next Steps

FAQs

Learn more about IAM

Read the FAQs

Console

Ready to build?

Get started with IAM

AWS Identity and Access Management (IAM) Resources

Best practices with IAM

Documentation

IAM user guide

IAM Access Analyzer user guide

IAM Roles Anywhere user guide

References

AWS STS API Reference

AWS STS section of the AWS CLI Command Reference

IAM section of the AWS CLI Command Reference

IAM API Reference

Other resources

Workshops

IAM overview lab

Integrating IAM Access Analyzer in a CI/CD pipeline

Deep dive on IAM Roles Anywhere

Videos

Videos

Video playlists

A playlist of security-related videos from AWS re:Invent 2022

A playlist of IAM Access Analyzer videos

AWS re:Inforce 2022 playlist - Identity & access management sessions

Featured blog posts

Blog posts

Next Steps

Learn more about IAM

Ready to build?

Learn

Resources

Developers

Help