Onboarding Step 2: Create and configure IAM policies and entities

Here, you'll learn how to create and configure the Identity and Access Management (IAM) policies and entities. The goal is to create an IAM user. You'll need an IAM user when you register your application in Developer Central.

Create an AWS Account

The Amazon Business API security model uses AWS authentication credentials, so you'll need an AWS account. To create a free account, visit AWS Free Tier. To create and activate a new AWS account, refer to How do I create and activate a new AWS account?.

Create an IAM policy

This IAM policy defines the permissions necessary to initiate API requests.

  1. Once your AWS account is activated, sign in and navigate to Services.
  1. Select IAM.
  1. On the left navigation, select Policies.
  1. Select Create policy.
  "Version": "2012-10-17",
  "Statement": [
    "Effect": "Allow",
    "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:*:*:*"
  1. Select JSON from the drop-down list.
  2. Add the JSON code as shown.
  1. Select Review policy.
  2. On the Review policy page, enter a name for the policy. The description field is optional.
  3. Review the policy summary to see the permissions that are granted.
  1. Select Create policy.


The AmazonBusinessAPIPolicy is only an example name.

Create an IAM user

An IAM user is used to generate AWS keys for authenticating Amazon Business API requests.
We recommend creating a new IAM user exclusively for this purpose. The policy created will be attached to this IAM user.

To create an IAM user, follow these steps.

  1. Sign in to the AWS Management Console.
  2. Open the IAM console.
  3. On the left navigation, select Users.
  1. Select Add user.
  1. Enter a user name.
  2. Select Programmatic access.
  3. Choose Next: Permissions.
  4. Select Attach the existing policies directly. The AWS access key ID for the newly created IAM user is displayed.
  1. Select Show to view the AWS secret access key.

To save the AWS access key, select Download .csv and save the file securely. The Access key ID and Secret access key in the image are examples only.


Important! Save the secret access key.

The AWS secret access key is used to authenticate the Search API requests. Save the secret access key now. You'll not see the key later. If you lost the key, you'll need to start over.