# 2.4 IAM Conclusion

## What have we learnt so far

* IAM consists of the following:
  * Users
  * Groups (a way to group your users and apply policies to them collectively)
  * Roles
  * Policy Documents (they are made universal, and they are in JSON format)
* IAM is universal; it doesn't apply to regions at this time.
* The "root account" is simply the account created when you first set up your AWS account. It has complete Admin access by default. The Users you create in the root account don't have complete admin access.
* New Users have **NO** permissions when first created.
* New Users are assigned an Access Key ID & Secret Access Key when first created. These can be downloaded in a CSV file. They are not the same as a password, and you cannot use them to log in to the AWS console. You can, however, use them to access AWS via the APIs and the Command Line (CLI). You can only see them once, so save the CSV file to your local disk.
* Always set up Multi-factor Authentication on your root account.
* You can create and customize your own password rotation policies.


