This sentence is devided into two sentences:
- Identity: is to define who you are, effectively presenting your identity, so for example your AWS username. This identification is a unique value within IAM for your account, so this means IAM would prevent you from having 2 identical user accounts with the same name within the same AWS account. the identity can be users, federated_users, Application, Role
- Access Management: is to verify that you are who you say you are. This is achieved by supplying additional data, and when using our AWS usernames we can verify this by supplying a password.
Now, Access Management relates to authorization and access control. Authorization determines what an identity can access within your AWS account once it’s been authenticated to it. An example of this authorization would be the user’s list of permissions to access specific AWS resources, for example, they might have Full Access to EC2 or Read Only to RDS.
- Shared access to the AWS account.
- Secure access to AWS resources for applications that run on AWS.
- Granular permissions.
- Multifactor authentication (MFA).
- Identity Federation.
- Identity information logs for audits and compliance purposes.
- Free to use.
- Integrated with many AWS Services.
- Eventually consistent.
- PCI compliance.
- Password policy.
- AWS STS.
This service is for the dministrators in the company