There are 6 basic terms in IAM. Let's see the first 3 terms.
1. Principal:-
A principal is a person or application that can make a request for an action or operation on an AWS resource.
Your administrative IAM user is your first principal.
You can allow users and services to assume a role.
IAM users, roles, federated users, and applications are all AWS principals.
You can support federated users or programmatic access to allow an application to access your AWS account.
2. Request:-
When a Principal tries to use the AWS management console, the AWS API, or the AWS CLI, that principal sends a request to AWS. The Request includes the following information.
Actions
Principal
Resources
Environment Data
Resource Data
3. Authentication:-
A principal sending a request must be authenticated (signed in to AWS) to send a Request to AWS
Some AWS services like AWS S3, allow requests from anonymous users they are exceptions to the role.
To authenticate from the console as a root user, you must sign in with your username and password.
To authenticate from the API to CLI, you must provide your access Key and Secret Key.
You might also be required to provide additional security information like Multi-Factor-Authentication (e.g. Google Authenticator)