Identity and access management in Amazon DataSync - Amazon DataSync
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Identity and access management in Amazon DataSync

Amazon uses security credentials to identify you and to grant you access to your Amazon resources. You can use features of Amazon Identity and Access Management (IAM) to allow other users, services, and applications to use your Amazon resources fully or in a limited way, without sharing your security credentials.

By default, IAM identities (users, groups, and roles) don't have permission to create, view, or modify Amazon resources. To allow users, groups, and roles to access Amazon DataSync resources and interact with the DataSync console and API, we recommend that you use an IAM policy that grants them permission to use the specific resources and API actions that they will need. You then attach the policy to the IAM identity that requires access. For an overview of the basic elements for a policy, see Access management for Amazon DataSync.