I am reading through the AWS documentation "Understanding how IAM works" and I'm confused about the definitions for identities and entities.
Identities
The IAM resource objects that are used to identify and group. You can attach a policy to an IAM identity. These include users, groups, and roles.
Entities
The IAM resource objects that AWS uses for authentication. These include IAM users, federated users, and assumed IAM roles.
What's the difference between the two? They are both IAM resource objects. They both include users and roles (although only identities have groups). You can only attach a policy to an identity but not an entity, but you ultimately authenticate an entity but not an identity. Is the naming difference just a question of grammar, or is there something fundamentally different between the two?