IAM gives you the tools to create and manage policies. To add permissions to an identity (user or group), you create a policy and then attach the policy to the identity. You can attach multiple policies to an identity, and each policy can contain multiple rules/permissions.
You use policies to define the permissions for an identity (user or group). You can add and remove permissions by attaching and detaching policies for an identity.
Attach. You attach a policy to an identity (a user or group). Attaching a policy applies the permissions in the policy to the identity.
Detach. You detach a policy from an IAM identity (a user or group). Detaching a policy removes its permissions from the identity.