Enhanced Security: IAM enables security best practices by allowing you to grant unique security credentials to users and groups to specify which AWS service APIs and resources they can access.
Granular control: IAM provides the granularity to control a user’s access to specific AWS services and resources using permissions.
Temporary Credentials: In addition to defining access permissions directly to users and groups, IAM lets you create roles. Roles allow you to define a set of permissions and then let authenticated users or EC2 instances assume them, getting temporary access to the resources you define.
Flexible security credential management: IAM allows you to authenticate users in several ways, depending on how they want to use AWS services. You can assign a range of security credentials including passwords, key pairs, and X.509 certificates.
Leverage external identity systems: You can use IAM to grant your employees and applications access to the AWS Management Console and to AWS service APIs, using your existing identity systems.