AWS primarily focuses on Identity and Access Management (IAM) to control who is authenticated (signed in) and authorized (has permissions) to use resources.

IAM (Authentication & Authorization)
- IAM to the security system of a bank that verifies and authenticated individuals before granting access.
Bank Sections (Representing AWS Resources):
- Sensitive Data: Equivalent to restricted AWS resources that require strict permissions.
- Employee Desk: Represents standard AWS resources accessible to employees with appropriate roles.
- Service Desk: Symbolizes public or semi-public AWS resources with fewer restrictions.

Controlling access to resources is crucial for security and operational efficiency.
IAM policies define who can access what resources. For example:
- If someone needs access to an AWS database (like Amazon RDS), specific permissions can be assigned.
- If another team member needs access to EC2 instances, permissions can be tailored to just those services.

Simplifying AWS IAM with a Bank System Analogy