AWS Identity and Access Management (IAM) is a web service that enables you to manage users and user permissions within the AWS infrastructure. This allows for the central control of users, user access, and security credentials. As there are a plethora of services being offered by AWS, there is a need for authorized users to securely access these services. IAM defines concepts, constructs, and services to achieve this.

IAM solves the following issues:

• Credential scoping: Grants access and the required permissions only to the services a user requires. For example, a web application needs write permission to a specific bucket within S3, instead of assigning write permission to all the S3 buckets.
• Credential distribution: Facilitates the distribution and rotation of credentials to users, instances, and across applications in a secure manner.
• Manages access for federated users: Federated users are users that are managed outside IAM. Typically, these are users in your corporate directory. IAM allows for granting access to the AWS resources to the federated users; this is achieved by granting temporary security credentials to the federated user.

Covering IAM in its entirety is beyond the scope of this book and probably would need a book of its own. In this section, only the pertinent IAM concepts and services are discussed, which cover a general web hosting use case.