> For the complete documentation index, see [llms.txt](https://awsnotes.dendron.so/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://awsnotes.dendron.so/security-identity-and-compliance/aws-identity-and-access-management-iam/topics/identities.md). # Identities {% hint style="info" %} This page was generated from content adapted from the [AWS Developer Guide](https://github.com/awsdocs/iam-user-guide.git) {% endhint %} ## Users * **Important**\ IAM [best practices](https://github.com/kevinslin/aws-reference-notes/blob/main/services/aws_identity_and_access_management_iam/best-practices.md) recommend that you require human users to use federation with an identity provider to access AWS using temporary credentials instead of using IAM users with long-term credentials. * **Important**\ If you found this page because you are looking for information about the Product Advertising API to sell Amazon products on your website, see the [Product Advertising API 5.0 Documentation](https://webservices.amazon.com/paapi5/documentation/). ## Roles * **Note**\ When you first create your AWS account, no roles are created by default. As you add services to your account, they may add service-linked roles to support their use cases.\ A service-linked role is a type of service role that is linked to an AWS service. The service can assume the role to perform an action on your behalf. Service-linked roles appear in your AWS account and are owned by the service. An IAM administrator can view, but not edit the permissions for service-linked roles.\ Before you can delete service-linked roles you must first delete their related resources. This protects your resources because you can't inadvertently remove permission to access the resources.\ For information about which services support using service-linked roles, see [AWS services that work with IAM](https://github.com/kevinslin/aws-reference-notes/blob/main/services/aws_identity_and_access_management_iam/reference_aws-services-that-work-with-iam.md) and look for the services that have \*\*Yes \*\*in the **Service-Linked Role** column. Choose a **Yes** with a link to view the service-linked role documentation for that service. ## Tagging IAM resources * **Note**\ If your account is a member of AWS Organizations, see [Tag policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) in the Organizations user guide to learn more about using tags in Organizations. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://awsnotes.dendron.so/security-identity-and-compliance/aws-identity-and-access-management-iam/topics/identities.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.