AWS Security Blog
Coming Soon: Improvements to How You Sign In to Your AWS Account
Update from August 25, 2017: These improvements are now live. For more details, see Now Available: Improvements to How You Sign In to Your AWS Account.
Coming soon, AWS will improve the way you sign in to your AWS account. Whether you sign in as your account’s root user or an AWS Identity and Access Management (IAM) user, you will be able to sign in from the AWS Management Console’s home page. This means that if you sign in as an IAM user, you will no longer be required to use an account-specific URL. However, the account-specific URL you use to sign in today will continue to work.
In the new sign-in experience, you can sign in from the homepage using either your root user’s or IAM user’s credentials. In the first step, root users will enter their email address; IAM users will enter their account ID (or account alias). In the second step, root users will enter their password; IAM users will enter their user name and password.
In this blog post, I explain the improvements that are coming soon to the way you sign in to your AWS account as a root user or IAM user. If you use a password manager to help you sign in to AWS, you may need to make updates so that it will work with the new sign-in experience.
The new sign-in experience
The new AWS sign-in experience will allow both root users and IAM users to sign in using the Sign In to the Console link on the AWS home page.
Step 1: For root users and IAM users
As shown in the following screenshot, to sign in as a root user, you will type the email address associated with the root account. To sign in as an IAM user, you will type an AWS account ID or account alias. You will then choose Next to proceed to Step 2.
If you usually sign in using the same browser and allow the browser to store AWS cookies, you will skip Step 1 on subsequent sign-in attempts. If you regularly switch users or accounts, AWS recommends that you prevent the sign-in page from storing AWS cookies.
Step 2: For root users
If you enter the email address associated with the root account in Step 1, you will be taken to the second step of signing in to the root account, as shown in the following screenshot. Type the password of the root account and choose Sign in. If you enabled multi-factor authentication (MFA) for your root account, you will then be prompted to enter the code from your MFA device. After successful authentication, you will be signed in to the AWS Management Console, and the homepage of your root account will be displayed.
Step 2: For IAM users
If you enter an AWS account ID or account alias in Step 1, you will be taken to the second step for signing in as an IAM user, as shown in the following screenshot. Type the user name and password of the IAM user, and choose Sign in. If MFA has been enabled for your IAM user, you will then be prompted to enter the code from your MFA device. After successful authentication, the IAM user home page will be displayed.
With these changes, you may need to make updates to password managers so that they will work with the new sign-in experience. We will publish another Security Blog post when the updated sign-in experience is available.
If you have comments about the upcoming changes to how your root user and IAM users will sign in to your AWS account, enter a comment in the “Comments” section below. If you have questions, start a new thread on the IAM forum.
– Siraj
Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.