AWS Identity and Access Management is a complete and free tool provided by AWS that allows us to control security inside our AWS account, inside an application running on AWS, and for granting access to external entities. This built-in capability is very valuable when building applications and running services in AWS, and can help us relieve the burden of building and managing our own identity management system. By following the AWS IAM best practices, we also have the ability to highly secure our environment and use its features to build compliance and adhere to regulations that govern application security. If the soft limits of the IAM system are not sufficient to support the authentication needs of our application, we can integrate the IAM environment with corporate directories such as Active Directory and other SAML 2.0-compatible providers. We can also introduce web identity federation with Amazon, Cognito, Google, and Facebook when building web-scale applications with huge numbers of users. This can be especially useful for mobile applications and games. In the next chapter, we will use Virtual Private Cloud (VPC) to create our own private networking environment.