IAM (Identity and Access Management)

Abbreviation: IAM

IAM (Identity and Access Management) is the cloud service that controls who and what can act in your account, and exactly what each is allowed to do. Every user, application, and permission decision flows through it, making it the front door to everything else you run.

IAM (Identity and Access Management) is the cloud service that controls who and what can act in your account, and exactly what each is allowed to do. Every human login, every application credential, and every permission check flows through it.

In plain terms

It’s the badge system for your cloud: every person and every application carries a badge, and IAM decides which doors each badge opens. A typical setup: engineers sign in through company SSO and receive a “developer” role that can deploy but not touch billing, while the app server carries its own machine identity that can read one database and nothing else. AWS and Google Cloud both call the service IAM; Azure splits it between Microsoft Entra ID (identities) and Azure RBAC (permissions).

Why it matters when you migrate

  • It’s the first thing you configure, before any workload. Getting roles and SSO right in your landing zone is an afternoon; untangling an over-permissioned account later takes months.
  • It decides the cost of a leaked credential. Most cloud breaches start with a stolen key or password, and least-privilege IAM is what caps the damage at one system instead of the whole account.
  • Auditors read it first. SOC 2 and HIPAA reviews start with who has access to what, so a clean IAM setup is compliance groundwork you only pay for once.