In this section, we are going to briefly discuss AWS IAM, specifically for serverless computing. IAM is a central location where you can manage users and security credentials—such as password, access keys, and permission policies—that control access to the AWS services and resources. We are going to talk about the most relevant IAM resources: policies, roles, groups, and users.

IAM policies are JSON documents that define the affected action's resources and conditions. Here is an example of a JSON document that will grant read access to DynamoDB tables, called Books only if the request originates from a specific IP range:

There is also a visual editor that allows you to create these or you can do so manually by editing the JSON document itself.