In this tutorial, we are going to learn about IAM, one of the most important and useful services of Amazon Web Services.
What is IAM?
IAM stands for Identity and Access Management.
It is a global service, because in IAM we are going to create our users and assign them to groups.
We've already used IAM without knowing it: when we created an account, a root account was created by default. This is the root user of our account.
The only thing you should use it for is to set up your account. After that, you shouldn't use that account anymore, or even share it.
What you should do instead is create users in IAM, where one user represents one person within your organization. Users can also be grouped together if it makes sense.
Why do we create users and why do we create groups?
Well, because we want to allow them to use our AWS account, and to allow them to do so, we have to give them permissions.
In AWS, we don't allow everyone to do everything. That would be harmful, because a new user could basically launch so many services that they would cost you a lot of money, or it would be bad for security.
So in AWS, you apply a principle called the least privilege principle, which means: don't give a user more permissions than that user needs.
If a user only needs access to certain services, create a permission covering just those services for that user.