# Identity and access management for AWS Resource Access Manager AWS Identity and Access Management (IAM) is an AWS service that helps an administrator securely control access to AWS resources. Administrators in IAM control who can be *authenticated* (signed in) and *authorized* (have permissions) to use AWS resources. By using IAM, you create principals, such as roles, users, and groups in your AWS account. You control the permissions that those principals have to perform tasks using AWS resources. You can use IAM for no additional charge. For more information about managing and creating custom IAM policies, see [Managing IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage.html) in the *IAM User Guide*. **Topics** + [How AWS RAM works with IAM](security-iam-policies.md) + [AWS managed policies for AWS Resource Access Manager](security-iam-awsmanpol.md) + [Using service-linked roles for AWS RAM](using-service-linked-roles.md) + [Example IAM policies for AWS RAM](security-iam-policies-examples.md) + [Example service control policies for AWS Organizations and AWS RAM](security-scp.md) + [Disabling resource sharing with AWS Organizations](security-disable-sharing-with-orgs.md)