IAM users are used to control access to a specific AWS resource.

IAM user names can represent a collection of individuals.

Every IAM user for an account must have a unique name.

Every IAM user name is unique across all AWS accounts.

Apply an AWS Identity and Access Management (IAM) policy to an IAM group.

Apply an AWS Identity and Access Management (IAM) policy to an IAM role.

Create a resource-based policy.

Create an organization in AWS Organizations.

They are uniquely associated to an individual.

They can only be used by accounts associated to the person who creates the role.

They can be assumed by individuals, applications, and services.

They provide temporary security credentials.

They provide permanent security credentials.

It can be applied to any AWS resource.

It can be an AWS managed policy.

It is attached to a user or group.

It is always an inline policy.

It checks for explicit allow statements before it checks for explicit deny statements.

It checks for explicit deny statements before it checks for explicit allow statements.

If there is no explicit deny statement or explicit allow statement, users will have access by default.

An explicit deny statement does not override an explicit allow statement.

Create a single IAM user for the developer team and attach the required IAM policies.

Create an IAM user for each developer, and attach the required IAM policies to each IAM user.

Create an IAM user for each developer, put them all in an IAM group, and attach the required IAM policies to the IAM group.

Create a single IAM user for the developer team, place it in an IAM group, and attach the required IAM policies to the IAM group.

Users can use single sign-on (SSO) to access the application through an existing authenticated identity.

The application can synchronize users' user names and passwords in AWS Identity and Access Management (IAM) with their social media accounts.

The browser can establish a trust relationship with the application to bypass the need for multi-factor authentication (MFA).

Users can use their AWS Identity and Access Management (IAM) accounts to log in to on-premises systems.