AWS IAM SLA Credits & Refunds

The IAM SLA is one of the more nuanced commitments AWS publishes, partly because security services have multiple availability tiers depending on how you deploy them. This guide breaks down which IAM configurations qualify for credits, the calculation method AWS uses, and the operational data you'll need to win a claim.

What this guide covers

• The official AWS IAM uptime commitment and credit tiers
• Which incidents qualify (and which exclusions silently disqualify claims)
• How to file an IAM credit request inside the AWS claim window
• Why manual claim recovery typically leaves money on the table

Frequently asked questions about AWS IAM SLAs

What is the typical SLA uptime guarantee for AWS IAM?

Core AWS IAM (users, roles, policies, STS) does not have its own standalone uptime SLA — there's no per-service charge to credit against. The closest published commitment is for IAM Access Analyzer, where AWS targets best-effort availability with tiered credits beginning when uptime falls below 99.9%. In practice, IAM availability is bundled into the underlying region's foundational reliability and you would typically claim credits against the dependent services (EC2, S3, etc.) that became unusable during an IAM control-plane disruption.

How do I claim AWS IAM SLA credits after an outage?

Open a billing case in the AWS Support Center within 60 days of the affected billing period (the exact window is in the IAM SLA itself). The case needs: the affected resource IDs, timestamps of the disruption in UTC, your monitoring evidence (CloudWatch metrics, error logs, or third-party uptime monitoring) cross-referenced against the AWS Health Dashboard, and your calculation of the Monthly Uptime Percentage. AWS reviews the case manually and applies any granted credit to your next invoice rather than refunding cash. Teams that file these regularly automate the evidence-gathering step because it's the most error-prone — a claim missing the wrong field gets denied and has to be refiled.

What exclusions apply to the AWS IAM SLA?

Because core IAM has no direct per-service SLA, AWS will routinely reject claims framed as "IAM downtime" — successful recovery requires pointing to specific paid services (EC2, RDS, Lambda, etc.) that became unavailable as a downstream effect.

Why is it difficult to get refunds for IAM outages manually?

Security and identity services fail quietly. A IAM disruption may not crash anything visible — it just causes authentication latency, silent permission denials, or policy-propagation delays that surface as user-reported bugs. Proving an SLA breach for IAM requires logs that capture these symptoms at request granularity, which most teams don't retain by default.

Related AWS SLA guides

Other AWS services that share the same claim window and Support Center workflow:

• AWS KMS SLA credits — Security
• AWS EC2 SLA credits — Compute
• AWS S3 SLA credits — Storage
• AWS RDS SLA credits — Database

Stop leaving AWS credits unclaimed

The hardest part of recovering IAM credits isn't the SLA — it's the lag between an outage and the moment somebody on your team has the bandwidth to file the case. By the time the FinOps team gets around to it, the evidence has rolled out of CloudWatch and the billing window is closing.

Next Signal watches AWS Health and your own observability data, detects IAM SLA breaches in real time, assembles the evidence package the way AWS expects it, and files the billing case for you. See how it works or start a free trial.