The AWS Identity and Access Management (IAM) web service is used to securely control individual and group access to AWS resources. IAM is used to create, manage and grant permissions to identities that require access to AWS resources. 

Some basic facts about IAM:

  • There is no extra cost to using IAM. The only charge is for the consumption of AWS resources.
  • IAM is used to assign security credentials such as passwords, access keys, and multi-factor authentication (MFA) devices.
  • IAM is used to assign temporary security credentials including external entities.
  • An IAM user is a unique identity recognized by AWS services and applications.
  • An IAM user can only access AWS services and resources that have been explicitly granted to that user.
  • IAM users can be added to or removed from groups.
  • IAM users can belong to multiple groups.
  • IAM is global.
  • There are three types of IAM policies – AWS Managed Policies, Customer Managed Policies and Inline Policies.

Reference: AWS IAM FAQs