AWS provides three different identities - Users, User Groups, and Roles - to manage access to AWS resources.
- IAM Users - Users are individual entities (can be real people or applications) in IAM, who can be provided with individual security credentials (access keys, passwords, multi-factor authentication), and individual access to AWS resources and services.
- User Groups - User groups are collection of users. Permissions can be set on groups so that all users within a group have the same permissions.
- IAM Roles - IAM roles are entities that can be created and assigned specific permissions. A role can be assumed by anyone who needs it, and is not associated with a single group or entity.
