Amazon Web Services (AWS) has the concept of a root account. This is the email that is used to sign up to AWS. It provides full access to the account.
To allow other users or programmatic services to use the account, an IAM user can be created. An IAM user with limited permissions should be used for day to day work.
An IAM user may be granted permission to sign-in to the AWS Management Console. As part of the
login process, the Account ID and IAM username must be specified. The login URL may contain the Account ID or alias so
the user won’t have to enter it. To setup an alias navigate to
Customize. After setting the Account Alias, IAM users can sign-in at
foo is the Account Alias.
Programmatic access can be provided to IAM users by generating Access keys. An access key consists of two strings:
- Access key ID
- Secret access key
These can be used to identify the IAM user.