AWS Identity and Access Management (IAM)
IAM User:
A newly created IAM user has no permissions associated with it.
IAM Policy:
An IAM policy lets us set the permissions on resources like EC2, S3, etc.
IAM Group:
An IAM group is a collection of users. We can assign an IAM policy to an IAM group.
IAM Roles:
An IAM role gives temporary access to some resource. We do not assign roles; users, applications or services assume them.
Once a role is assumed, all previous permissions granted through groups and policies are not valid for as long as the role is assumed.
MFA (multi-factor authentication) is an extra layer of security provided in IAM.
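The user, group, policy and role notes above, worked through as a small policy evaluator (an added example, not AWS code): a new user is denied by default, group policies grant access, and an assumed role replaces those permissions for the session. It goes slightly beyond the notes by modelling explicit Deny. It is simplified to identity-based policies only, and all user, group, role names and ARNs are constructed.

```python
from fnmatch import fnmatchcase

def _match(patterns, value, ignore_case=False):
    """True if value matches any pattern; '*' and '?' are wildcards."""
    patterns = [patterns] if isinstance(patterns, str) else patterns
    if ignore_case:  # IAM action names are case-insensitive, ARNs are not
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatchcase(value, p) for p in patterns)

def evaluate(statements, action, resource):
    """Explicit Deny wins, then any Allow, otherwise implicit deny."""
    decision = "ImplicitDeny"
    for s in statements:
        if _match(s["Action"], action, True) and _match(s["Resource"], resource):
            if s["Effect"] == "Deny":
                return "ExplicitDeny"
            decision = "Allow"
    return decision

def effective_statements(user, groups, roles, assumed_role=None):
    """Statements in force for a request made by `user`."""
    if assumed_role is not None:
        # While the role is assumed, only the role's policies apply.
        return list(roles[assumed_role])
    stmts = list(user["policies"])
    for g in user["groups"]:
        stmts += groups[g]
    return stmts

# Constructed sample data: names and ARNs are hypothetical.
GROUPS = {"developers": [
    {"Effect": "Allow", "Action": "s3:Get*", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Deny", "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/secrets/*"},
]}
ROLES = {"ec2-operator": [
    {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"], "Resource": "*"},
]}
NEW_USER = {"policies": [], "groups": []}
ALICE = {"policies": [], "groups": ["developers"]}

def check(user, action, resource, assumed_role=None):
    return evaluate(effective_statements(user, GROUPS, ROLES, assumed_role), action, resource)

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    print(check(NEW_USER, "s3:GetObject", obj))
    print(check(ALICE, "s3:GetObject", obj))
    print(check(ALICE, "s3:GetObject", obj, "ec2-operator"))
```

In a real account the final decision also depends on resource-based policies, permissions boundaries, session policies and service control policies, which this sketch leaves out.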