I want to allow users or groups access to my AWS resources. How can I do that using AWS Identity and Access Management (IAM)?
You can create IAM identities (users, groups, roles) and assign custom permissions sets (IAM policies) to those identities. This allows you to grant each user access to only the services, resources, and information that they need to perform tasks. Each user can also be assigned unique security credentials, access keys, and multi-factor authentication devices.
Note: It's a best practice to grant least privilege for only the permissions required to perform a task. For more information, see Grant least privilege.
You can also integrate IAM policies and permissions with directories that you already manage, including Microsoft Active Directory, AWS Directory Service, or an OpenID Connect provider. For more information, see Identity providers and federation.
You can interact with IAM through the web-based IAM console, the AWS Command Line Interface, or the AWS API or SDKs. IAM is offered at no additional charge. For more information, see Getting started with IAM.
For a list of AWS services that support IAM, see AWS services that work with IAM.
Identity federation in AWS
Security best practices in IAM