It allows you to manage users and their levels of access to the AWS resources. Here are some key points to remember when thinking about IAM:
IAM is universal, it is not specific to a region or AZ
Centralized control to the AWS account
Shared Access to your AWS account
Granular Permissions
Identity federation (like Active Directory)
MFA – Multifactor Authentication – Two factor Auth
Temporary access for users
Allows you to set up your own password rotation policy
Integrates with many different AWS services and supports PCI DSS compliance