Amazon Identity and Access Management (IAM)
Configurable Amazon Web Services Access Controls
Amazon Identity and Access Management (IAM) enables you to securely control access to Amazon Web Services services and resources for your users. Using IAM, you can create and manage Amazon Web Services users and groups and use permissions to allow and deny their permissions to Amazon Web Services resources.
First time users should see the IAM Best Practices section of the IAM User Guide. To get started using IAM, sign in to the Amazon Management Console.
IAM also enables identity federation between your corporate directory and Amazon Web Services services. This lets you use existing corporate identities to grant secure access to Amazon Web Services resources, such as Amazon S3 buckets, without creating new Amazon Web Services identities for those users. To learn more, try our sample application.
Amazon Web Services Multi-Factor Authenticationmulti-factor authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your user name and password. With MFA enabled, when a user signs in to an Amazon Web ServicesMulti-Factor Authenticationwebsite, they are prompted for their user name and password (the first factor—what they know), as well as for an authentication code from their virtual MFA device (the second factor—what they have). Taken together, these multiple factors provide increased security for your Amazon Web Services account settings and resources.
You can enable MFA for your Amazon Web Services account and for individual IAM users you have created under your account. MFA can be also be used to control access to Amazon Web Services service APIs.
Virtual MFA Apps
You can install apps on your smartphone from the app store that is specific to your phone type. The following list shows some apps for different smartphone types:
Android: Authy 2-Factor Authentication
iPhone: Authy 2-Factor Authentication
Windows Phone: Authenticator
Intended Usage and Restrictions
Your use of this service is subject to the Amazon Web Services Customer Agreement.