- Users, Groups, Roles, Policies
- Universal, not regional
- Root account is simply the account created when first setup your AWS account
- New users have no permission when first created
- New Users are assigned Access Key ID and Secret Access Keys when first created - for API / CLI, not console
- Can only view once. Save in secure location. Otherwise must regenerate them