Mastering AWS Security

Granular permissions

Let's take a common scenario: you want developers in your organization to have complete access to the Elastic Compute Cloud (EC2) service, the finance or accounting team to have access to billing information, and people in the human resources department to have access to a few S3 buckets. You can configure all of these permissions in IAM. Now suppose you also want your developers to access the EC2 service only from Monday to Friday and only during office hours (say, 8 a.m. to 6 p.m.); you can configure that as well.

IAM allows you to define really fine-grained permissions for your users and for your resources. You could even allow users to access certain rows and columns in your DynamoDB table!
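
As an added illustration (not taken from the book), the policy below shows how two of these restrictions look in IAM's JSON policy language: EC2 access limited to a time window with the aws:CurrentTime condition key, and DynamoDB reads limited to the caller's own items (dynamodb:LeadingKeys) and to three attributes (dynamodb:Attributes). The account ID, region, table name, attribute names and date are constructed placeholders; aws:CurrentTime is compared against absolute UTC timestamps, so the window shown covers one Monday from 8 a.m. to 6 p.m. UTC, and the table's partition key is assumed to hold the IAM user name.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleEc2OneOfficeDayWindow",
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*",
      "Condition": {
        "DateGreaterThan": { "aws:CurrentTime": "2024-01-08T08:00:00Z" },
        "DateLessThan": { "aws:CurrentTime": "2024-01-08T18:00:00Z" }
      }
    },
    {
      "Sid": "ExampleDynamoDbOwnRowsSelectedColumns",
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:Query"
      ],
      "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleEmployees",
      "Condition": {
        "ForAllValues:StringEquals": {
          "dynamodb:LeadingKeys": [ "${aws:username}" ],
          "dynamodb:Attributes": [ "EmployeeId", "Name", "Department" ]
        },
        "StringEqualsIfExists": {
          "dynamodb:Select": "SPECIFIC_ATTRIBUTES"
        }
      }
    }
  ]
}
```

The dynamodb:Select condition makes a Query that asks for all attributes fail instead of returning columns outside the allowed list. Before attaching a policy like this, the IAM policy simulator can confirm that requests outside the time window or for another user's partition key are denied.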