IAM is a globally resilient web service that helps you securely control access to AWS resources.
IAM is where you manage your AWS users and their access to AWS accounts and services.
IAM is commonly used to manage:
Users
Groups
IAM Access Policies
Roles
Note: The user created when you created the AWS account is called the "root" user.
By default, the root user has full administrative rights and access to every part of the account.
By default, any new users you create in the AWS account are created with no access to any AWS services.
For all users (besides the root user), permissions must be given that grant access to AWS services.
An IAM group is a collection of IAM users. Groups allow you to set and manage permissions for multiple users at the same time.
Groups are a more convenient and efficient way to manage account permissions.
A user can belong to up to 10 groups, so one user can be part of several groups at the same time.
A role that a service assumes to perform actions on your behalf is called a service role. For example, a service role allows EC2 instances to call AWS services on your behalf: you can allow an EC2 instance to store all the log files in an S3 bucket.