Which IAM entity is associated with an access key ID and secret access key?

An IAM (Identity and Access Management) user is the entity that is associated with an access key ID and a secret access key. This is because the access keys are specifically designed to allow programmatic access to AWS services. When you create an IAM user, you have the option to generate access keys for that user, providing them the credentials needed to interact with AWS services via the AWS SDKs or CLI.

Access keys consist of a public part (the access key ID) and a private part (the secret access key). This enables the IAM user to authenticate themselves when making API calls to AWS services. The strong association between users and access keys underscores the importance of managing these credentials carefully, since they can provide robust access rights if not properly controlled.

In contrast, IAM roles are designed to be assumed by entities such as AWS services or IAM users but do not have static access keys associated with them. Groups act as a collection of users to manage permissions more easily, and while they can provide permissions through policies, they do not directly have an access key ID or secret access key. Policies are documents that define permissions and can be attached to users, groups, or roles but do not have access keys themselves.