AWS Identity And Access Management (IAM) provides the following key capabilities.
1. Access control to AWS resources - IAM enables fine-grained access control to AWS resources and APIs. IAM enables access control by specific conditions like - by time of day, by originating IP address, by SSL, by MFA etc.
2. Multi-factor authentication (MFA) - IAM provides the capability for MFA, which augments the basic authentication with MFA token/device based authentication.
3. Federated access - IAM provides the capability to grant access for AWS resources to existing employees of a company, using the companies existing identity system.
4. Analytics - IAM provides reporting capabilities to analyze the access provided across AWS resources and services.