This guide provides instructions to create a new AWS account and set up your first administrative user in AWS IAM Identity Center (successor to AWS Single Sign-On) following the latest security best practices.
An AWS account is required to access AWS services and serves as two basic functions:
Container – An AWS account is a container for all the AWS resources you can create as an AWS customer. When you create an Amazon Simple Storage Service (Amazon S3) bucket or Amazon Relational Database Service (Amazon RDS) database to store your data, or an Amazon Elastic Compute Cloud (Amazon EC2) instance to process your data, you are creating a resource in your account. Every resource is uniquely identified by an Amazon Resource Name (ARN) that includes the account ID of the account that contains or owns the resource.
Security boundary – An AWS account is the basic security boundary for your AWS resources. Resources that you create in your account are available only to users who have credentials for that same account.
Among the key resources you can create in your account are identities, such as IAM users and roles, and federated identities, such as users from your enterprise user directory, a web identity provider, the IAM Identity Center directory, or any other user that accesses AWS services by using credentials provided through an identity source. These identities have credentials that someone can use to sign in, or authenticate to AWS. Identities also have permission policies that specify what the person who signed in is authorized to do with the resources in the account.
Top comments (0)