AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM enables customers to leverage the agility and efficiency of the cloud while maintaining secure control of their organization’s AWS infrastructure. IAM Administrators new to AWS can be sometimes overwhelmed by the options available as they face competing goals: securing the environment while quickly enabling new users to accomplish their jobs. Further complicating the task, the initial controls they implement must grow and adapt without disrupting productivity as the company navigates its path to the cloud.
AWS IAM allows you to:
Manage IAM users and their access – You can create users in IAM, assign them individual security credentials (in other words, access keys, passwords, and multi-factor authentication devices), or request temporary security credentials to provide users access to AWS services and resources. You can manage permissions in order to control which operations a user can perform.
Manage IAM roles and their permissions – You can create roles in IAM and manage permissions to control which operations can be performed by the entity, or AWS service, that assumes the role. You can also define which entity is allowed to assume the role. In addition, you can use service-linked roles to delegate permissions to AWS services that create and manage AWS resources on your behalf.
Manage federated users and their permissions – You can enable identity federation to allow existing identities (users, groups, and roles) in your enterprise to access the AWS Management Console, call AWS APIs, and access resources, without the need to create an IAM user for each identity. Use any identity management solution that supports SAML 2.0, or use one of our federation samples (AWS Console SSO or API federation).
Eventually Consistent: IAM, like many other AWS services, is eventually consistent. IAM achieves high availability by replicating data across multiple servers within Amazon’s data centers around the world.
Flexible security credential management
Leverage external identity systems
Seamlessly integrated into AWS services
You can find all the details on how to start with AWS IAM from the below link
Once you are familiar with the basic understanding of IAM its good to follow the best practices which helps you utilize the IAM more efficiently. The below link provides information on the same.
AWS Identity and Access Management is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your Users.