Which AWS service allows you to manage user identities and access to AWS services?

The correct answer is AWS IAM, which stands for AWS Identity and Access Management. This service enables you to create and manage AWS users and groups, as well as establish permissions to allow or deny their access to AWS resources. IAM provides fine-grained control over access, allowing administrators to define policies that determine which services and resources users or applications can access, emphasizing both security and manageability.

IAM allows for multiple authentication methods, including password-based access, AWS access keys, and integration with identity providers like Active Directory and other federated authentication systems. Its key features include multi-factor authentication (MFA) for added security and the ability to create roles that applications or services can assume to access AWS services securely. By using IAM, organizations can enforce security best practices and ensure that users have the minimum level of access required to perform their tasks, thereby protecting AWS resources from unauthorized access.

The other services listed do not focus on identity and access management. AWS CloudTrail is primarily used for logging and monitoring account activity related to actions taken on AWS resources. AWS Config tracks resource configurations and changes over time, providing a way to assess compliance and resource history. AWS Organizations helps manage multiple AWS accounts under one master account, focusing on billing and resource management rather than direct user access