# Policies

Amazon CloudFront works with AWS Identity and Access Management (IAM) and AWS Organizations to provide you with options to implement fine-grained access control over your CloudFront distributions. CloudFront policies allow you to specify the permissions of a resource. You can create a policy to allow an IAM user to create or delete distributions, to allow an AWS account to create a CloudFront origin access identity, or to allow an organization to update the settings for a distribution. You can also use policies to specify which Amazon S3 bucket a CloudFront distribution can access.

Visit the following resources to learn more:

- [@official@CloudFront IAM](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/security-iam.html)
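
The fine-grained access control described above, as an added example that is not part of the original page or the AWS documentation: a Python check that compares a broad CloudFront identity policy with one scoped to a single distribution. The account ID, the distribution ID and the `findings` helper are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"  # constructed placeholder account ID
# Constructed placeholder distribution ARN (the distribution ID is not real).
DIST_ARN = f"arn:aws:cloudfront::{ACCOUNT}:distribution/EXAMPLEDISTID"

# Broad: every CloudFront action on every resource.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "cloudfront:*", "Resource": "*"}],
}

# Scoped: the principal may only read, update or delete one distribution.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["cloudfront:GetDistribution",
                   "cloudfront:UpdateDistribution",
                   "cloudfront:DeleteDistribution"],
        "Resource": DIST_ARN,
    }],
}

# Actions this example treats as sensitive (an assumption, adjust to your needs).
SENSITIVE = ("cloudfront:DeleteDistribution", "cloudfront:UpdateDistribution")


def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def findings(policy):
    """Return (statement index, reason) pairs for over-broad Allow statements."""
    out = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        if any("*" in a for a in actions):
            out.append((i, "wildcard action"))
        # IAM action names are case-insensitive, so compare in lower case.
        sensitive = any(fnmatchcase(s.lower(), a.lower())
                        for s in SENSITIVE for a in actions)
        if sensitive and "*" in resources:
            out.append((i, "sensitive action on all resources"))
    return out
```
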