The 8 main features of the IAM service are as follows:
1. Shared access to your AWS account
You can grant other people permission to administer and use resources in your AWS account without having to share your access credentials (password or access key).
2. Granular Permissions
You can grant different permissions to different people for different resources.
For example, you can allow some users complete access to EC2, S3, DynamoDB, and Redshift, while allowing others read-only access to just some S3 buckets, permission to administer just some EC2 instances, or access to your billing information but nothing else.
3. Secure Access to AWS resources for applications that run on Amazon EC2
You can use IAM features to securely give an application that runs on an EC2 instance the credentials it needs to access other AWS resources. Examples include S3 buckets and RDS or DynamoDB databases.
4. Multifactor Authentication (MFA)
You can add two-factor authentication to your account and to individual users for extra security. You can use a physical hardware device or a virtual MFA app (e.g. Google Authenticator).
5. Identity Federation
You can allow users who already have passwords elsewhere, e.g. in your corporate network or with an internet identity provider, to get temporary access to your AWS account. (In short: when you log in to an application with your Facebook/Gmail account and password, the login happens via an API, and it works because the application has identity federation with Facebook/Gmail.)
6. Identity information for assurance
If you use AWS CloudTrail, you receive log records that include information about those who made requests for resources in your account. That information is based on IAM identities.
7. PCI-DSS Compliance
IAM supports the processing, storage, and transmission of credit card data by a merchant or a service provider, and has been validated as being compliant with the Payment Card Industry (PCI) Data Security Standard (DSS).
8. Eventually Consistent
If a request to change some data is successful, the change is committed and safely stored. However, the change must be replicated across IAM, which can take some time.
IAM achieves high availability by replicating data across multiple servers within AWS data centers around the world.
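
Feature 6 in practice, as an added example that is not part of the original page: Python code that attributes CloudTrail records to IAM identities through the `userIdentity` element, and flags root activity and console logins without MFA. The records are constructed, and the account ID, user name, role name and instance ID are placeholders.

```python
# Constructed sample CloudTrail records; account ID, names and ARNs are placeholders.
RECORDS = [
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventName": "GetObject", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/app-role/i-0abc",
                      "sessionContext": {"sessionIssuer": {
                          "arn": "arn:aws:iam::111122223333:role/app-role"}}}},
    {"eventName": "CreateAccessKey", "eventSource": "iam.amazonaws.com",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
]

def principal(record):
    """Return the IAM identity a request should be attributed to."""
    ident = record.get("userIdentity", {})
    if ident.get("type") == "AssumedRole":
        # Role sessions (e.g. an app on EC2): attribute to the issuing role.
        issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
        return issuer.get("arn") or ident.get("arn", "unknown")
    return ident.get("arn") or ident.get("principalId", "unknown")

def findings(record):
    """Flag identity-related conditions worth reviewing."""
    ident = record.get("userIdentity", {})
    out = []
    if ident.get("type") == "Root":
        out.append("root-activity")
    if (record.get("eventName") == "ConsoleLogin"
            and record.get("additionalEventData", {}).get("MFAUsed") != "Yes"):
        out.append("console-login-without-mfa")
    return out

def report(records):
    """Map each principal to its event names and the set of findings."""
    result = {}
    for rec in records:
        entry = result.setdefault(principal(rec), {"events": [], "findings": set()})
        entry["events"].append(rec.get("eventName"))
        entry["findings"].update(findings(rec))
    return result

if __name__ == "__main__":
    for who, info in report(RECORDS).items():
        print(who, info["events"], sorted(info["findings"]))
```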