IAM controls access to AWS services via policies that can be attached to users, groups, and roles. Users are given long-term credentials to access AWS resources (username and password or access keys).
Roles allow for short-term access to resources when assumed, using temporary access credentials.
Identity and Access Management (IAM)
