AWS IAM (AWS Identity and Access Management) is used by each AWS user to log in and operate the web console, or to operate AWS using Web API. Since you can define which services each IAM user is allowed or not allowed to operate on, properly restricting each IAM user's permissions allows him or her to use AWS more securely.

For example, you can create an IAM user that only has permission to Start/Stop an EC2 instance but not Terminate it, or create an IAM user that only has permissions for networks in the cloud (Security Group, VPC, etc.). Managing IAM users, such as creating IAM users, is a service that can be said to be the key to security when using AWS.

Features of AWS IAM

● User management function
You can manage users within your AWS account. You can create new users or change access privileges for existing users. You can also create and manage groups and roles within your AWS account.

● Access privilege management function
You can set detailed access privileges for resources on AWS. You control which AWS resources users can access using access control rules called policies. AWS IAM also manages credentials for accessing AWS services.

● Authentication function
This function issues the authentication information required to access AWS resources. You can issue access keys and secret access keys for each user in your AWS account. Use these keys to access your resources through the AWS API.

● Audit function
Provides an audit function for access control within AWS accounts. By integrating with AWS CloudTrail, you can track API requests and collect detailed logs of actions within your account. This allows you to track actions, identify issues, and monitor security.

● Multi-account management function
You can manage multiple AWS accounts by grouping AWS accounts and setting roles. By using the multi-account management feature, you can segment the management of AWS resources and improve security.

Beyond AWS related services

● AWS cloud integration