Types of credentials in AWS

Whenever a user or service is authenticating to AWS, they will need to present a certain credential, depending on the way the AWS environment is being accessed. There are several different types of credentials used in AWS:

  • User credentials: By default, a user has none but can be assigned any of the following credentials:
    • The AWS Management Console password: This is only used to access the AWS Console from a browser.
    • The access keys: The access key ID and secret access key are used together to authenticate to AWS when using the AWS CLI or the SDK.
    • An SSH key: This can be used when accessing AWS CodeCommit and for general access to SSH consoles of servers on AWS.
  • Server credentials: Servers can use X.509 certificate authentication for SSL/TLS connections.
  • Role credentials: When a user or service assumes a role, temporary security credentials are created and exchanged between the caller and the service being called. The credentials expire after one hour by default, but the duration can also be set to anything between 15 minutes and 12 hours upon role assumption.
  • Temporary token credentials: Security tokens issued by the AWS Security Token Service (STS), a web service on AWS that enables the requesting and issuing of temporary, limited-privilege credentials for users within IAM or users authenticated by federation with an external directory.

All of the credentials mentioned here can be managed and distributed securely and automatically within the AWS environment. This means we can easily automate the way we create, manage, and assign security permissions and grant access to our application running on AWS.
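
To show how the long-term access keys and the temporary role/STS credentials listed above differ in practice, the following added example (not from the original text) inventories a constructed shared credentials file and checks a requested role session duration against the bounds given above. It assumes the documented access key ID prefixes (AKIA for long-term keys, ASIA for temporary STS keys); the profile names, key values and function names are hypothetical.

```python
import configparser

# Bounds stated above: one hour by default, settable from 15 minutes to 12 hours.
MIN_SESSION_SECONDS = 15 * 60
MAX_SESSION_SECONDS = 12 * 60 * 60
DEFAULT_SESSION_SECONDS = 60 * 60

# Constructed sample in the shared credentials file format (placeholder values).
SAMPLE_CREDENTIALS = """
[ci-user]
aws_access_key_id = AKIAEXAMPLEEXAMPLE01
aws_secret_access_key = constructed-placeholder-secret

[deploy-role]
aws_access_key_id = ASIAEXAMPLEEXAMPLE02
aws_secret_access_key = constructed-placeholder-secret
aws_session_token = constructed-placeholder-token

[broken]
aws_access_key_id = ASIAEXAMPLEEXAMPLE03
aws_secret_access_key = constructed-placeholder-secret
"""

def classify_profile(section):
    """Label one profile by the kind of credential it holds."""
    key_id = section.get("aws_access_key_id", fallback="").strip()
    has_token = bool(section.get("aws_session_token", fallback="").strip())
    if key_id.startswith("ASIA"):
        # Temporary keys are only usable together with their session token.
        return "temporary" if has_token else "temporary-missing-token"
    if key_id.startswith("AKIA"):
        # Long-term user keys never expire on their own: rotation candidates.
        return "long-term"
    return "unknown"

def inventory(credentials_text):
    """Map each profile name in a credentials file to its credential kind."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(credentials_text)
    return {name: classify_profile(parser[name]) for name in parser.sections()}

def valid_session_duration(seconds=DEFAULT_SESSION_SECONDS):
    """True if a requested role session length is within the allowed range."""
    return MIN_SESSION_SECONDS <= seconds <= MAX_SESSION_SECONDS

if __name__ == "__main__":
    for profile, kind in inventory(SAMPLE_CREDENTIALS).items():
        print(f"{profile}: {kind}")
```

Profiles reported as long-term are the ones to prioritize for rotation or replacement with role-based temporary credentials.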
