IAM (Identity and Access Management) is a web service that helps securely control access to AWS services and resources.

IAM is a service for managing EC2 instances.

IAM is a database management service.

IAM is a tool for monitoring AWS resources.

IAM users are long-term identities created for individual people or applications. IAM roles are temporary identities that can be assumed by users, services, or applications and come with temporary credentials.

IAM users are temporary identities, while IAM roles are long-term identities.

IAM users and IAM roles are the same.

IAM users are for applications only, while IAM roles are for people only.

A JSON document that defines permissions (allow/deny) for actions on specific AWS resources.

A document that describes the AWS billing structure.

A policy for managing AWS costs.

A document for setting up AWS networking.

Identity-based policies are attached to users, groups, or roles. Resource-based policies are attached directly to AWS resources (e.g., S3 bucket policies).

Identity-based policies are for resources, while resource-based policies are for users.

Both are the same and can be used interchangeably.

Identity-based policies are for billing, while resource-based policies are for security.

A collection of IAM users. Policies attached to the group apply to all users within it.

A group of AWS services.

A collection of AWS resources.

A group of EC2 instances.

It grants permission to perform all S3 actions (like s3:GetObject, s3:PutObject, etc.).

It denies all S3 actions.

It allows only read actions on S3.

It allows only write actions on S3.

Attach a policy with s3:GetObject and s3:ListBucket actions on the desired bucket.

Attach a policy with s3:PutObject action.

Attach a policy with s3:DeleteObject action.

Attach a policy with s3:AllAccess action.