Last updated
This page was generated from content adapted from the
Important Although you can sign in to the AWS Cloud9 console with the email address and password that you used when you created your AWS account (we call this an AWS account root user), this isn't an AWS security best practice. In the future, we recommend that you sign in as an administrator user in AWS Identity and Access Management (IAM) in your AWS account instead. For more information, see in the IAM User Guide and in the Amazon Web Services General Reference.
Note You can use IAM Identity Center instead of IAM to enable multiple users within a single AWS account to use AWS Cloud9. In this usage pattern, the single AWS account serves as the management account for an organization in AWS Organizations, and that organization has no member accounts. To use IAM Identity Center, skip this topic and follow the instructions in instead. For related information, see the following resources: in the AWS Organizations User Guide (IAM Identity Center requires the use of AWS Organizations); in the AWS IAM Identity Center (successor to AWS Single Sign-On) User Guide; the 4-minute video on the YouTube website; the 7-minute video on the YouTube website; the 9-minute video on the YouTube website.
Note Your organization might already have an AWS account set up for you. If your organization has an AWS account administrator, check with that person before starting the following procedure. If you already have an AWS account, skip ahead to .
Note Your organization might already have an IAM group and user set up for you. If your organization has an AWS account administrator, check with that person before starting the following procedures.
Note If you're using AWS managed temporary credentials, you can't use a terminal session in the AWS Cloud9 IDE to run some or all of the commands in this section. To address AWS security best practices, AWS managed temporary credentials don’t allow some commands to be run. Instead, you can run those commands from a separate installation of the AWS Command Line Interface (AWS CLI).
Note We recommend that you repeat this procedure to create at least two groups: one group for AWS Cloud9 users, and another group for AWS Cloud9 administrators. This AWS security best practice can help you better control, track, and troubleshoot issues with AWS resource access.
Note Your organization might already have a group set up for you with the appropriate access permissions. If your organization has an AWS account administrator, check with that person before starting the following procedure.
Note If you have more than one group you want to add AWS Cloud9 access permissions to, repeat this procedure for each of those groups.
Note The following procedures cover attaching and detaching policies for AWS Cloud9 users only. These procedures assume you already have a separate AWS Cloud9 users group and AWS Cloud9 administrators group and that you have only a limited number of users in the AWS Cloud9 administrators group. This AWS security best practice can help you better control, track, and troubleshoot issues with AWS resource access.
Note Your enterprise might already have a management account set up for you. If your enterprise has an AWS account administrator, check with that person before starting the following procedure. If you already have a management account, skip ahead to .
Note Your enterprise might already have AWS Organizations set up to use the management account. If your enterprise has an AWS account administrator, check with that person before starting the following procedure. If you already have AWS Organizations set up to use the management account, skip ahead to .
Note Your enterprise might already have AWS Organizations set up with the wanted member accounts. If your enterprise has an AWS account administrator, check with that person before starting the following procedure. If you already have AWS Organizations set up with the wanted member accounts, skip ahead to .
Note You don't have to add any member accounts to the organization. You can use IAM Identity Center with just the single management account in the organization. Later, you can add member accounts to the organization, if you want. If you don't want to add any member accounts now, skip ahead to .
Note Your enterprise might already have AWS Organizations set up to use IAM Identity Center. If your enterprise has an AWS account administrator, check with that person before starting the following procedure. If you already have AWS Organizations set up to use IAM Identity Center, skip ahead to .
Note Your enterprise might already have AWS Organizations set up with groups and users from either an IAM Identity Center directory or an AWS Managed Microsoft AD or AD Connector directory that is managed in AWS Directory Service. If your enterprise has an AWS account administrator, check with that person before starting the following procedure. If you already have AWS Organizations set up with groups and users from either an IAM Identity Center directory or AWS Directory Service, skip ahead to .
Note This step covers creating a customer managed policy for IAM groups only. To create a custom permission set for groups in AWS IAM Identity Center (successor to AWS Single Sign-On), skip this step and follow the instructions in in the AWS IAM Identity Center (successor to AWS Single Sign-On) User Guide instead. In this topic, follow the instructions to create a custom permission set. For related custom permissions policies, see later in this topic.
Note This step covers adding customer managed policies to IAM groups only. To add custom permission sets to groups in AWS IAM Identity Center (successor to AWS Single Sign-On), skip this step and follow the instructions in in the AWS IAM Identity Center (successor to AWS Single Sign-On) User Guide instead.
Note AWS Cloud9 doesn't enable restricting the creation of environments to specific AWS Regions. Nor does it enable restricting the overall number of environments that can be created (other than the published ).