Which statement about AWS Identity and Access Management (IAM) is true?


Prepare for the Amazon Web Services (CISN 74A) Security Test with our interactive quizzes. Use multiple choice questions with detailed hints and explanations to ace your exam.

The assertion about AWS Identity and Access Management (IAM) granting principals granular access to the console is valid because IAM is designed to provide fine-grained access control over AWS resources. This means that administrators can create specific policies that define what actions a user, group, or role can perform on particular resources. This capability allows for tailored access permissions, ensuring that each principal only has access to the services and resources necessary for their role. This granularity is essential for maintaining security and adhering to the principle of least privilege, which limits users' access to only what is essential for their work.

The other statements do not hold. IAM is not limited to controlling access to the AWS Management Console; it also allows access to AWS services through the API, CLI, and SDKs. IAM roles can be assumed by various entities, including AWS services and users, and are not limited to direct assignment to users. IAM also fully supports API access for managing AWS resources, which facilitates automation and programmatic control of cloud environments.