The Amazon Web Services Management Console can now handle Identity and Access Management (IAM) features offered in its cloud, the company said.
Administrators can create and manage users, groups of users, their permissions, and their security credentials using the browser-based tool.
To get started, an administrator clicks on the new IAM tab in the AWS Management Console. Here a user group can be created with the help of a wizard, which allows the administrator to decide what, for example, a group of developers are allowed to access.
Pre-defined policies include administrator access, which provides full access to all available AWS services, and a power user access, which allows the person to access everything, but they aren't permitted to carry out any management tasks. There are also policies for allowing access to separate services. If needed, the policies can be edited before they are put into use.
Amazon offers the AWS Policy Generator, which is a tool that enables administrators to create their own policies that control access, as well.
When managing an individual user, the administrator specify that the user has to log in using one-time passwords created by a hardware token from Gemalto.
Besides the AWS Management Console, IAM features can be accessed through APIs (application programming interfaces) and a command line interface, for those who prefer the written word.
On Tuesday, Amazon also announced the general availability of the underlying AWS Identity and Access Management features, which are offered at no additional charge along with its other services. The management console is also free.