IAM is a centralized service that manages users, credentials, policies, and keys for the resources deployed in AWS. You should create an individual account for each user who creates or accesses AWS resources. When possible, you should enable AWS Multi-Factor Authentication (MFA) for the IAM user account to further protect assets running in the public cloud against unauthorized access.

You should always use IAM policies to assign permissions to IAM user accounts. Scope these permissions according to the least-privilege security model, permitting only the access that each user’s job requires.