Which AWS service deals specifically with permissions across AWS resources?

The AWS Identity and Access Management (IAM) service specifically manages permissions across AWS resources. IAM allows you to create and manage AWS users, groups, and roles, and define permissions that control who can do what in your AWS account. This service provides fine-grained access control, ensuring that users can only access the resources they need for their job functions. IAM policies, attached to users or roles, define the specific actions that can be performed on resources, making it the cornerstone of security governance in AWS environments.

While other options like AWS IAM Access Analyzer help you understand the permissions granted in your account or to analyze IAM policies for potential risks, they do not handle permissions directly. Similarly, AWS Trusted Advisor provides insights and best practices for AWS account configurations but lacks direct involvement in managing permissions. AWS Service Control Policies (SCP) allow you to manage permissions across AWS Organizations but are not the primary service for managing IAM user permissions themselves. Therefore, IAM is the fundamental service for defining and enforcing permissions directly at the user level across all AWS resources.