On Amazon Web Services (AWS), authentication and authorization are primarily handled by Identity and Access Management (IAM). This chapter discusses IAM identities—which are sometimes described as principals. The one identity that comes with every new AWS account is the root user. Software developer's first job should be to understand how policies are used to control the behavior of IAM identities. An IAM policy is a document that identifies one or more actions as they relate to one or more AWS resources. Access keys provide authentication for programmatic or Command Line Interface‐based access. An IAM role is a temporary identity that a user or service seeking access to developers account resources can request. This kind of authorization can solve a lot of logistical problems. AWS provides a wide range of tools to meet as many user and resource management needs as possible.