AWS Identity and Access Management (IAM) is a service provided by AWS that lets you control access to your AWS resources. IAM enables you to control who can access your resources (authentication) and in which ways (authorization).
Authentication in IAM
Authentication, or identity management, in AWS IAM is built on the following identities:
An IAM user interacts with your AWS resources from the AWS console and the AWS CLI. By default, a new IAM user has no access to any AWS resource.
An IAM group consists of IAM users and permissions assigned to those users.
An IAM role is an entity with a specific set of permissions.
Authorization in IAM
IAM policies determine authorization, or access management, in IAM by granting specific permissions to IAM identities.