Do you control user or developer access with IAM policies?

I am struggling to get a grasp on what exact terminology means and as such,. am having difficulty developing appropriate AWS architecture.

My core question is essentially "is IAM dedicated for controlling access for developers using AWS to build their product/software or for user access control."

For example:

From a user perspective: A user (customer) creates an 'account' with my software. In this software, they create a text file, write something in the text file, and then save this text file which can be accessed via the cloud. When they log back in on a different computer, they can see their text file and can continue to edit it.

From a backend perspective: An AWS Cognito user is created. When they save the file an get API request is called and routed using API Gateway which runs a lambda script to return a presigned URL path for the text file to be uploaded into an S3 bucket into a user dedicated folder. Then the POST API request is made to upload the file directly to S3. An example of what two folders in S3 my look like when two users have uploaded a file:

mybucket/User A/: - personalinfo.txt

mybucket/User B/: - raw_data.txt

What is responsible for ensuring a User has permissions to access only their text files and not somebody elses? Where do I control that User A has access to personalinfo.txt, and User B does not?

Is IAM responsible for handle individual users like this? From my understanding IAM is only dedicated for preventing want developers (software engineers) can access and control in AWS. If its not IAM, what tool should be used to prevent/grant access to personal data that is stored in an S3 bucket?