AWS IAM: A closer look

Users and groups

When you open an AWS account, the identity you begin with has access to all AWS services and resources in that account. You use this root account's identity to establish less-privileged users and role-based access in IAM. IAM is a centralized mechanism for creating and managing individual users and their permissions with your AWS account. Every interaction you make with AWS is authenticated.

Users and groups should be used for managing access to resources within your account. …

access account aws closer iam identity mechanism permissions privileged resources role root services