IAM Authentication Methods

Console Password

Definition: A password used for signing into the AWS Management Console for interactive sessions.
User Password Management:
Self-Change: Users can be allowed to change their own passwords.
Selective Change: Specific IAM users can be granted permission to change their passwords by:
Disabling the option for all users.
Using an IAM policy to grant permissions to selected users.

Access Keys

Definition: A combination of an access key ID and a secret access key used for programmatic access.
Features:
Dual Keys: Each user can have up to two active access keys.
Usage: For making programmatic calls to AWS using:
API in program code.
AWS CLI.
AWS PowerShell tools.
Management: You can create, modify, view, or rotate access keys.
Security:
Key Creation: Upon creation, IAM returns the access key ID and secret access key.
Secret Key Handling: The secret access key is only shown at creation. If lost, a new key must be created.
Secure Storage: Ensure access keys and secret access keys are stored securely.
User Key Management: Users can be permitted to change their own keys via IAM policy (not through the console).
Key Disabling: You can disable a user’s access key to prevent it from being used for API calls.
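Added example (not part of the original notes): one way to check the two-key limit, rotation and disabling described above is to audit the IAM credential report. The 90-day threshold, the function name and the sample rows are assumptions constructed for illustration; the column names follow the credential report's CSV layout.

```python
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # assumed rotation threshold, not from the notes

# Constructed sample in the column layout of an IAM credential report
# (only the columns this check reads are included).
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,true,2023-01-10T00:00:00+00:00,2024-05-30T12:00:00+00:00,false,N/A,N/A
bob,true,2024-05-01T00:00:00+00:00,N/A,true,2023-11-01T00:00:00+00:00,2024-05-29T08:00:00+00:00
carol,true,2024-04-20T00:00:00+00:00,2024-05-31T10:00:00+00:00,false,2022-02-02T00:00:00+00:00,N/A
"""


def audit_access_keys(report_csv, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Return {user: [finding, ...]} for users whose keys need attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        issues = []
        active = 0
        for slot in ("1", "2"):  # each user has at most two key slots
            if row[f"access_key_{slot}_active"] != "true":
                continue  # disabled or absent keys cannot sign API calls
            active += 1
            rotated = datetime.fromisoformat(row[f"access_key_{slot}_last_rotated"])
            age = (now - rotated).days
            if age > max_age_days:
                issues.append(f"key {slot}: {age} days old, rotate")
            if row[f"access_key_{slot}_last_used_date"] == "N/A":
                issues.append(f"key {slot}: active but never used, disable")
        if active == 2:
            # Two active keys are expected only while a rotation is under way.
            issues.append("both key slots active, finish rotation")
        if issues:
            findings[row["user"]] = issues
    return findings


if __name__ == "__main__":
    as_of = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for user, issues in audit_access_keys(SAMPLE_REPORT, as_of).items():
        print(user, issues)
```

The second key slot exists so a new key can be created and deployed before the old one is disabled; a user left with both slots active has usually stopped partway through that rotation.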

Server Certificates

Definition: SSL/TLS certificates used for authenticating with certain AWS services.
Usage Recommendations:
AWS Certificate Manager (ACM): Recommended for provisioning, managing, and deploying server certificates.
IAM Usage: Use IAM for server certificates only when you need to support HTTPS connections in regions not supported by ACM.