IAM policies are how permissions are delegated to the users, roles, and groups in your account. They are simple JSON documents that specify what permissions are specifically allowed or denied, what resources those permissions can/can't be used on, and under what conditions those rules apply. We can use these to enforce fine-grained permissions models within our AWS environment.