This chapter explores how to use the AWS Identity and Access Management (IAM) service. IAM is possibly the most important service for the security of everything you do in AWS. It controls who has access to AWS APIs and resources in your account. Misconfiguration or mishandling of the service’s resources opens you up to numerous attacks. In the worst case, an attacker could gain full control of all of your AWS resources. They could use that access to shut down applications, leak data, or steal proprietary information. A much more common attack on misconfigured identity and access management is reading from S3 buckets that allow public access. This happens with staggering frequency. Even AWS accounts without important infrastructure or data can be used to create a large number of servers for mining bitcoin or for use as part of a botnet, all on your dime.