IaaS, PaaS, and SaaS are the three service models in the NIST definition of cloud computing, published as NIST Special Publication 800-145 in September 2011. NIST defines cloud computing as a model for “ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources,” and these three models describe the level at which a customer consumes those resources.
Infrastructure as a Service (IaaS) gives the customer raw computing capability - virtual machines, storage, and networks - on which they can run arbitrary software, including operating systems. The provider manages the underlying physical hardware; the customer manages everything from the operating system upward. Renting virtual servers and block storage is the canonical example.
Platform as a Service (PaaS) lets the customer deploy their own applications onto a provider-managed platform using supported languages, libraries, and tools, without managing the servers, operating systems, or storage underneath. The customer controls the deployed application and some configuration; the provider runs everything below it.
Software as a Service (SaaS) gives the customer the use of a finished application running on the provider’s cloud infrastructure, typically accessed through a web browser or a thin client. The customer does not manage the application’s code, servers, or storage at all - they simply use it. Email, productivity suites, and CRM systems delivered over the web are common examples. Together these three models form a stack from least to most managed, and most modern cloud offerings combine all three.