Chapter 4. Securing Access to Amazon EC2 Instances

In this chapter, we will cover recipes for:

  • Creating IAM users
  • Creating IAM groups and assigning group-level permissions
  • Creating IAM roles
  • Connecting on-premise AD to AWS IAM
  • Configuring AWS multifactor authentication

Introduction

AWS Identity and Access Management (IAM) gives you centralized control over access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use fine-grained permissions to allow and deny their access to AWS resources.

In this chapter, we present recipes for using AWS IAM to create users and roles, and to assign appropriate permissions for securely accessing AWS services. Users can also be added to a group using the IAM groups feature, and permissions can then be assigned at the group level. You can integrate your on-premises Active Directory with IAM. You can also assign policies to users, groups, and roles, where each policy contains one or more permissions. Finally, we present a recipe to configure multifactor authentication (for enhanced security) to access certain AWS services.
