689
IAM Groups
- An IAM Group is a collection of users.
- Group specifies the permission for a collection of users, and it also makes it possible to manage the permissions easily for those users.
- You created a group known as Admin and assigned the permissions to the group that administrators typically need. Any user joins the admin group; then the user will have all the permissions that are assigned to the group. If a new user joins the organization, then he should have administrator privileges, and you can assign the appropriate permissions by adding him to the group. If a person changes his job profile, instead of editing his permissions, you can remove him from a group and add him to the group.
Characteristics of IAM Group
- A group is a collection of users, and a user can also belong to multiple groups.
- Groups cannot be nested, i.e., a group cannot contain another group.
- No default group that automatically includes all the users in AWS account. If you want a group like this, create a group and then add the users in a group.
- There is a limit to the number of groups that you can have and also have a limit to the number of groups that a user can belong to.
Creating a Group (AWS Management Console)
- Sign in to the AWS Management Console by entering your email address and password.
- Open IAM Console
- In the navigation pane, click on the Groups. After clicking on the Group, the screen appears which is shown below:
- Click on the “Create New Group” to create a new group. On clicking on the “Create New Group”, the screen appears shown below:
- In the Group Name box, enter the group name and then click on the Next Step button.
- Select the checkbox next to the policy which you want to use with the group.
- Click on the Next Step button and then click on the Create Group.
Creating a Group (API or CLI)
- Create a Group
Suppose you create a group whose name is Admin; the following command is used to create a group:
Listing IAM Groups (AWS Management Console)
- Sign in to the AWS Management Console by entering your email address and password.
- Open the IAM Console.
- In the navigation pane, click on the Groups. After clicking on the Groups, the screen appears which is shown below:
The above figure shows that one user exists whose name is MyUser.
Listing IAM Groups to which a user belongs to (AWS Management Console)
- Sign in to the AWS Management Console by entering your email address and password.
- Open the IAM Console.
- In the navigation pane, click on the Users and then click on the User Name.
- Open the Groups section.
Listing IAM Groups (AWS API or CLI)
- List all the groups available in your AWS account
- List all the users that belong to your group
Deleting an IAM Group (AWS Management Console)
- Sign in to the AWS Management Console.
- Open the IAM Console.
- In the navigation pane, click on the Groups.
- Select the checkbox appears next to the group name.
- Click on the dropdown menu of the GroupActions.
- In the dropdown menu list, click on the Delete Group. After clicking on Delete Group, the screen appears which is shown below:
- Click on Yes, Delete to delete the group.
Delete an IAM Group (AWS CLI or API)
- Remove all the users from the Group.
- Detach the inline policies attached to the group.
- Detach the managed policies attached to the group.
- Delete the group.
Next TopicIAM Identities