An IAM user is intended for long-term access to an AWS account for one person, application, or service. In other words, an IAM user should be used to represent a principal (person or application). This principal must authenticate to be considered the actual IAM identity (authenticated identity). The IAM user must be authorized (via policies) to perform actions.