Type Of Security Credentials in AWS - Singon, Access and IAM Users

There are different types of security credentials based on how we interact with AWS - Management Console or tools such as CLI or SDKs. 


Signon Credentials: Email and Password

Email and password created during signup are used to login to pages such as the AWS Management Console, AWS discussion forums, or AWS support center.

Root credentials have full access to all resources in the account. Therefore it is good to also setup AWS Multi-Factor Authentication (MFA). 

With AWS MFA enabled, when you sign in, you are also prompted an authentication code from an MFA device (e.g. dedicated device or a smart phone). 

MFA is not enabled by default. It can be enabled and managed for AWS root account from the Security Credentials page or the IAM dashboard.

MFA can also be enabled for IAM users.

You can change the email address and password on the Security Credentials page. You have also a ‘Forgot your password’ option.


Access Credentials:

Access Keys

Access credentials are used along with APIs and tools. Access credentials include access keys and key pairs.

Access keys consist of an access key ID and a secret access key, that can be used to sign programmatic requests that you make to AWS through AWS SDKs, REST, or Query APIs etc., or from the CLI.

Read more @ http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html.


Temporary Access Keys

You can also create and use temporary access keys using Security Token Service (STS), which are short-term temporary security credentials.

Read more @ http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html.


Key Pairs

Key pairs are used only for handful of services such as Amazon EC2 and Amazon CloudFront.

Key pairs consist of a public key and a private key. The private key is used to create a digital signature, and AWS can then use the corresponding public key to validate the signature.


IAM user identities

When multiple individuals or applications need access to the AWS account, AWS Identity and Access Management (IAM) should be used to create unique IAM user identities.

It is a good practice not to use the root credentials, but create IAM users with just enough permissions as required.

Read more about IAM users @ http://docs.aws.amazon.com/IAM/latest/UserGuide/id.html.

Learn Serverless from Serverless Programming Cookbook


Please first use the contact form or facebook page messaging to connect.

Offline Contact
We currently connect locally for discussions and sessions at Bangalore, India. Please follow us on our facebook page for details.
WhatsApp (Primary): (+91) 7411174113
Phone (Escalations): (+91) 7411174114

Business newsletter

Complete the form below, and we'll send you an e-mail every now and again with all the latest news.


Cloudericks.com is my blog to share notes and learning materials on Cloud and Data Analytics. My current focus is on Amazon Web Services.

I like to write. I try to document what I learn and share with others. I believe that knowledge is useless unless you share it; the more you share, the more you learn.

Recent comments

Photo Stream