Manage users and permissions

Account owner with full privileges

Documents that define permissions

Used to grant permissions to AWS services

Collection of users with shared policies

Adds an extra authentication factor

Provided via STS

Use least privilege

Can enforce rotation policies

Access key ID and secret access key

Allows external identities to access AWS

Govern permissions in AWS Organizations