Identify and Access Management

AWS Identity and Access Management (IAM) lets you create users and control access for those users on AWS services using policies. IAM allows you to do the following things:

• Manage IAM users and their access: You can create users in IAM, assign them individual security credentials (access keys, passwords, and multi-factor authentication devices), or request temporary security credentials to provide users access to AWS services and resources. You can manage permissions in order to control which operations a user can perform.
• Manage IAM roles and their permissions: You can create roles in IAM, and manage permissions to control which operations can be performed by the entity or AWS service that assumes the role. You can also define which entity is allowed to assume the role.
• Manage federated users and their permissions: You can enable identity federation to allow existing identities (for example, users) in your enterprise to access the AWS Management Console, to call AWS APIs, and to access resources without the need to create an IAM user for each identity.