

# Controlling access to Amazon DataZone resources using IAM
<a name="security-iam"></a>

You need AWS Identity and Access Management (IAM) to complete the following security-related tasks:
+ Create users and groups under your AWS account.
+ Assign unique security credentials to each user under your AWS account.
+ Control each user's permissions to perform tasks with AWS resources.
+ Allow the users in another AWS account to share your AWS resources.
+ Create roles for your AWS account and define the users or services that can assume them.
+ Use existing identities for your enterprise to grant permissions to perform tasks using AWS resources.

For more information about IAM, see the following:
+ [AWS Identity and Access Management (IAM)](https://aws.amazon.com/iam/)
+ [Getting started with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started.html)
+ [IAM User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/)

The following sections describe the policies and permissions that are required to set up Amazon DataZone and its components, such as domains (including the domain), associated accounts, projects, and data sources. For more information, see [Amazon DataZone terminology and concepts](datazone-concepts.md).

**Topics**
+ [AWS managed policies for Amazon DataZone](security-iam-awsmanpol.md)
+ [IAM roles for Amazon DataZone](iam-roles-datazone.md)
+ [Temporary Credentials](temporarycredentials.md)
+ [Principal permissions](Principalpermissions.md)