AWS IAM enables customers to control access securely for their AWS resources and AWS users. In a nutshell, IAM provides authentication and authorization for accessing AWS resources. It supports accessing AWS resources through a web-based management console, CLI, or programmatically through API and SDK. It has basic features for access control such as users, groups, roles, and permissions as well as advanced features such as Identity Federation for integrating with the customer's existing user database, which could be a Microsoft Active Directory or Facebook, or Google. You can define granular permissions for all your resources as well as use temporary security credentials for providing access to external users outside of your AWS account.