The true purpose of IAM is for AWS control-plane and data-plane elements to interact autonomously with resources that are in your account without violating the dialectic around security “of the cloud” vs “in the cloud”.

And this is also why you need a PhD to fully comprehend it