Access control

Now, you should have a clearer understanding of authentication and authorization. How do these mechanisms play a part in access control? The term access control is an umbrella term for how we can manage, restrict, and allow access to resources, and there are different mechanisms for achieving this within AWS.  

I have already mentioned one method: using a username and password for your user accounts. Another method of access control is to implement Multi-Factor Authentication (MFA), which uses a randomized, six-digit number that changes on a regular basis and has to be entered, along with the password. This provides a second level of verification in the authentication process, making it harder to compromise a specific account.

There are several other methods of access control used within AWS; an example is federated access. Federated access allows users outside of your AWS IAM environment to connect to and access your AWS resources using existing accounts, such as their Google or Facebook accounts, or even their on-premises corporate Microsoft Active Directory accounts. We will discuss federation later.

IAM roles are another method of access control. By using roles, you are able to assume temporary credentials, allowing you to gain access to AWS resources.
