IAM gives you the ability to manage users, their service account, their permissions, and their roles across all your services. In addition, you can create instance-, container-, or function-scoped roles. Federation of existing directory services and single sign-on solutions can also be accomplished using IAM. We'll come back to IAM in Chapter 4, Security - Ensuring the Integrity of Your Systems.
IAM
Security Token Service
The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users. We'll see why this is a great feature when we cover least privilege security in Chapter 4, Security - Ensuring the Integrity of Your Systems.
Speaking of least...