diff --git a/sections/iam.md b/sections/iam.md index 5f9ac55..35f773f 100644 --- a/sections/iam.md +++ b/sections/iam.md @@ -13,6 +13,17 @@ - [IAM Security Tools](#iam-security-tools) - [IAM Guidelines \& Best Practices](#iam-guidelines--best-practices) - [Shared Responsibility Model for IAM](#shared-responsibility-model-for-iam) + - [Multi-Factor Authentication (MFA)](#multi-factor-authentication-mfa) + - [Benefits of MFA](#benefits-of-mfa) + - [MFA Devices Options in AWS](#mfa-devices-options-in-aws) + - [How Can Users Access AWS?](#how-can-users-access-aws) + - [What’s the AWS CLI?](#whats-the-aws-cli) + - [Key Features of AWS CLI:](#key-features-of-aws-cli) + - [Example Commands:](#example-commands) + - [What’s the AWS SDK?](#whats-the-aws-sdk) + - [Key Features of AWS SDK:](#key-features-of-aws-sdk) + - [Example Usage (Python boto3 SDK):](#example-usage-python-boto3-sdk) + - [IAM Section – Summary](#iam-section--summary) ## What Is IAM? 
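Review bot: the new TOC entries flatten the heading hierarchy of the section they index: `Benefits of MFA`, `Key Features of AWS CLI:`, `Example Commands:`, `Key Features of AWS SDK:` and `Example Usage (Python boto3 SDK):` are `###` subsections in the body hunk, but here they sit at the same indentation as their `##` parents (`Multi-Factor Authentication (MFA)`, `What’s the AWS CLI?`, `What’s the AWS SDK?`), so the rendered TOC will not show which section they belong to; indent them one level. While touching these lines, drop the trailing colons from the three "Key Features" / "Example" titles (and the matching headings in the body) to match the existing heading style, e.g. `IAM Security Tools` and `What Is IAM?`, and fix `MFA Devices Options in AWS` to `MFA Device Options in AWS` in both the TOC entry and its anchor.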
@@ -159,3 +170,105 @@ | Protect physical data centers and global infrastructure. | Manage and secure IAM user accounts and access keys. | | Maintain the availability of IAM service. | Implement strong password policies and enable MFA. | | Provide IAM managed policies for common scenarios. | Ensure IAM permissions are correctly configured and follow the principle of least privilege. | + +## Multi-Factor Authentication (MFA) + +- **MFA** adds an extra layer of protection on top of a username and password. +- With MFA enabled, when a user signs in, they must provide: + 1. Their **password** (something they know). + 2. An **authentication code** from their MFA device (something they have). +- Even if a user’s password is compromised, MFA can prevent unauthorized access. + +### Benefits of MFA + +- Enhances account security by requiring a second form of authentication. +- Reduces the risk of credential compromise and unauthorized access. +- AWS recommends enabling MFA for all IAM users, especially for root accounts and privileged users. +- Main benefit of MFA: if a password is stolen or hacked, the account is not compromised + +## MFA Devices Options in AWS + +AWS supports several types of MFA devices: + +| **MFA Device Type** | **Description** | +|------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------| +| **Virtual MFA Device** | Uses apps like Google Authenticator or Authy. Generates a time-based one-time password (TOTP) on a smartphone or tablet. | +| **Hardware MFA Device** | Physical devices like Gemalto tokens that generate time-based codes. | +| **U2F Security Key** | USB devices supporting the Universal 2nd Factor (U2F) standard. Typically used for browser-based sign-ins. | +| **AWS Multi-Factor Authentication (MFA)** | AWS offers its own MFA solutions integrated with IAM to easily configure and manage MFA devices for users. 
| + +## How Can Users Access AWS? + +AWS provides multiple ways for users to access resources: + +| **Access Method** | **Description** | +|--------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **AWS Management Console** | A web-based user interface for interacting with and managing AWS resources visually. Best for beginners and infrequent tasks. | +| **AWS Command Line Interface (CLI)** | A unified tool to interact with AWS services using commands in your terminal. Suitable for automation and developers. | +| **AWS Software Development Kits (SDKs)** | Language-specific APIs for programmatically accessing AWS services using programming languages like Python, JavaScript, Java, Ruby, etc. | +| **AWS CloudFormation** | A service to define and provision AWS infrastructure using code (Infrastructure as Code – IaC). Allows creating stacks and automating deployment configurations. | +| **AWS Mobile Console** | Provides mobile access to manage AWS services on-the-go. | + +## What’s the AWS CLI? + +- **AWS CLI (Command Line Interface)** is a unified tool to manage AWS services through your terminal or command prompt. +- It allows you to issue commands and automate tasks across multiple AWS services. +- Supports both Windows, macOS, and Linux. +- Direct access to the public APIs of AWS services + +### Key Features of AWS CLI: + +1. **Command automation**: Write scripts to automate frequent AWS tasks. +2. **Access to all services**: Interact with any AWS service and manage resources from the command line. +3. **Profile management**: Manage multiple AWS accounts using different named profiles. +4. **JSON and YAML output**: Format CLI responses for better readability or integration with other tools. 
+ +### Example Commands: + +```bash +# List all S3 buckets in your account +aws s3 ls + +# Describe EC2 instances in a specific region +aws ec2 describe-instances --region us-west-2 +``` + +## What’s the AWS SDK? + +- AWS SDK (Software Development Kit) allows developers to interact with AWS services using various programming languages. +- Supports languages like Python (boto3), JavaScript (aws-sdk), Java, .NET, Ruby, PHP, and more. +- SDKs provide simplified APIs, making it easier to work with AWS services programmatically without dealing with low-level API calls. + +### Key Features of AWS SDK: + +- API abstraction: Higher-level abstractions simplify complex operations like S3 object uploads or DynamoDB queries. +- Cross-service integration: SDKs help integrate multiple AWS services together within applications. +- Authentication: Easily manage credentials and authenticate requests using IAM roles or user access keys. +- Retry logic: Handles transient network issues with built-in retry logic. + +### Example Usage (Python boto3 SDK): + +```Python +import boto3 + +# Create an S3 client +s3 = boto3.client('s3') + +# List all S3 buckets +response = s3.list_buckets() +print('S3 Buckets:', [bucket['Name'] for bucket in response['Buckets']]) +``` + +## IAM Section – Summary + +- **Users**: Mapped to a physical user, has a username and password for AWS Management Console access. +- **Groups**: Contains users and allows applying common permissions to multiple users. +- **Policies**: JSON document that defines permissions for users, groups, or roles. +- **Roles**: Assign to AWS services (e.g., EC2, Lambda) for accessing other resources without credentials. +- **Permissions**: Allow or deny actions on AWS resources, defined using policies. +- **MFA**: Multi-Factor Authentication for an additional layer of security beyond username and password. +- **Password Policy**: Enforce password complexity, rotation, and reuse rules for IAM users. 
+- **AWS CLI**: Command-line tool to interact with AWS services and automate tasks. +- **AWS SDK**: Use programming languages (e.g., Python, JavaScript) to manage AWS services programmatically. +- **Access Keys**: Key pairs used to authenticate when accessing AWS using the CLI or SDK. +- **Audit Tools**: IAM Credential Report lists user credentials; Access Advisor shows service permissions usage.
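Review bot: the last row of the MFA device table, `AWS Multi-Factor Authentication (MFA)`, is not a device type (it describes the IAM MFA feature that the other three rows are options for), and the row is also malformed, with its closing `|` separated from the rest of the row; drop the row, or fold its sentence into the `AWS supports several types of MFA devices:` line above the table. Two claims in the MFA bullets are too strong: `Main benefit of MFA: if a password is stolen or hacked, the account is not compromised` should say that the stolen password alone is no longer enough to sign in, since the time-based code from a virtual or hardware device can still be phished or relayed in real time, whereas a U2F security key is bound to the sign-in origin and resists that; the table row for U2F is the right place to note this difference. Also `especially for root accounts` should refer to the root user, which is not an IAM user, so "enabling MFA for all IAM users" does not cover it. In the summary, `Roles: ... for accessing other resources without credentials` should read "without long-term access keys": a role still issues temporary credentials that the service uses to sign its requests, and the summary's own `Access Keys` bullet is the thing roles let you avoid. Minor wording: `Supports both Windows, macOS, and Linux` (drop `both`), `Access to all services` is an overclaim and `Access to AWS service APIs` is enough, and `MFA Devices Options in AWS` should be `MFA Device Options in AWS`. The two examples (`aws s3 ls`, `aws ec2 describe-instances --region us-west-2`, and the boto3 `s3.list_buckets()` snippet) are correct as written.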