AWS Identity and Access Management (IAM) is a web service that enables you to manage users and user permissions within the AWS infrastructure. This allows for the central control of users, user access, and security credentials. As there are a plethora of services being offered by AWS, there is a need for authorized users to securely access these services. IAM defines concepts, constructs, and services to achieve this.
IAM solves the following issues:
- Credential scoping: Grants access and the required permissions only to the services a user requires. For example, a web application needs write permission to a specific bucket within S3, instead of assigning write permission to all the S3 buckets.