The AWS Identity and Access Management (IAM) service offers a range of policy types to build out a secure cloud environment. In this session, we review the IAM policy types available and step through the policy structure, including which policy to use when, where, and how. We also look at new IAM features, and to align with AWS security best practices we highlight AWS tools you can use to verify the least amount of privileges required across your policies and answer the question of who can access what.