AWS Identity and Access Management
IAM User Guide

Access Management

When you use your account's root credentials, you can access all the resources in your AWS account. In contrast, when you create IAM users, IAM groups, or IAM roles, you must explicitly give permissions to these entities so that users can access your AWS resources.

This section describes permissions, which are rights that you grant to a user, group, or role that define what tasks users are allowed to perform in your AWS account. To define permissions, you use policies, which are documents in JSON format.

To learn more, we recommend you read the following sections: