IAM is the area under aws console, where we create and manage user, groups and roles in addition to managing permission on them.
It is critical to understand this section of aws in great detail, as this is where we control the users and limit/allow their access based on user type.
below are the critical terms associated with IAM
An individual user who can sign in to console and/or access different devices over API key.
The group is a collection of users with one set of permission, used to set access control on the specific set of users. eg: HR users who have access limited to S3 bucket for file storage
Roles allow access to users or services, which does not generally have access to aws. Here an IAM user of aws service gets temporary access over API call.
Eg: EC2 instances can access S3 using a role
Basically permissions. We can attach a policy to a user group or role. Access control in a policy is managed by the policy document, which is JSON document.
AWS support multifactor authentication and root user(the user, which is used to create aws account) is always urged to use MFA (Multi-Factor Authentication)
IAM user sign in link
User sign in link can be seen on top of the page, which is in the pattern https://AccountNumber.signin.aws.amazon.com/console
The account number could be replaced by an available name, by clicking on the number