AWS IAM - Identity and Access Management

AWS Identity and Access Management (IAM) notes

Published: Friday, 17 July 2020
By:
  • Jurn Ho

Amazon Web Services (AWS) has the concept of a root account. This is the email that is used to sign up to AWS. It provides full access to the account.

To allow other users or programmatic services to use the account, an IAM user can be created. An IAM user with limited permissions should be used for day-to-day work.

Management Console

An IAM user may be granted permission to sign in to the AWS Management Console. As part of the login process, the Account ID and IAM username must be specified. The login URL may contain the Account ID or alias so the user won’t have to enter it. To set up an alias, navigate to IAM → Dashboard → Customize. After setting the Account Alias, IAM users can sign in at https://foo.signin.aws.amazon.com/console, where foo is the Account Alias.

Access Keys

Programmatic access can be provided to IAM users by generating access keys. An access key consists of two strings:

  • Access key ID
  • Secret access key

These can be used to identify the IAM user.
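
How the two strings are used when a request is signed with AWS Signature Version 4, as an added example that is not part of the original notes: the access key ID is sent in the Authorization header and names the IAM user, while the secret access key only keys the HMAC and never leaves the client. The credentials are AWS's documentation placeholders, and the date, region and STS request are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample credentials (AWS documentation placeholders, not real keys).
ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    """Derive the per-day, per-region, per-service key from the secret access key."""
    k = _hmac(("AWS4" + secret).encode(), date)
    k = _hmac(k, region)
    k = _hmac(k, service)
    return _hmac(k, "aws4_request")


def authorization_header(key_id, secret, amz_date, region, service, host, query):
    """Build the SigV4 Authorization header for a GET / request with an empty body."""
    date = amz_date[:8]
    signed_headers = "host;x-amz-date"
    canonical_request = "\n".join([
        "GET", "/", query,
        f"host:{host}\nx-amz-date:{amz_date}\n",   # canonical headers block
        signed_headers,
        hashlib.sha256(b"").hexdigest(),            # hash of the empty payload
    ])
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    key = signing_key(secret, date, region, service)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    # Only the key ID and the signature go on the wire; the secret does not.
    return (f"AWS4-HMAC-SHA256 Credential={key_id}/{scope}, "
            f"SignedHeaders={signed_headers}, Signature={signature}")


def demo_header() -> str:
    """Sign a constructed STS GetCallerIdentity request with the sample keys."""
    return authorization_header(
        ACCESS_KEY_ID, SECRET_ACCESS_KEY, "20200717T000000Z",
        "us-east-1", "sts", "sts.amazonaws.com",
        "Action=GetCallerIdentity&Version=2011-06-15")


if __name__ == "__main__":
    print(demo_header())
```

Because the access key ID travels in clear text with every request, it is the value to search for in logs when tracing which IAM user made a call; the secret access key is the part that must stay confidential.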