IAM is a secure AWS access management resource. Access and authorization means “who are you, and should you be here?” You can get IAM by signing up for an AWS account. After you sign up for an AWS account, you can create additional users and groups under your account. Account holders can create and manage AWS users and groups, as well as define permissions that allow or deny access to other AWS resources within the account holders software. It’s like buying a house and deciding who rents the rooms in the house, as well as which rooms in your house they can go to. This is all done at no extra charge to the account holder. You are only charged for the other AWS resources that your users or groups use under your account, but not for the actual IAM resource. You can decide who has access to your servers based on conditions like Multi-factor Authentication (MFA). Mobile access with mobile apps and web identity providers, as well as a corporate directory for on-premises solutions, are configurable in IAM too. AWS also has documentation to guide you through the best practices for securing your cloud with IAM.