AWS TutorialsTutorials

AWS – IAM Groups

IAM Groups

  • An IAM Group is a collection of users.
  • Group specifies the permission for a collection of users, and it also makes it possible to manage the permissions easily for those users.
  • You created a group known as Admin and assigned the permissions to the group that administrators typically need. Any user joins the admin group; then the user will have all the permissions that are assigned to the group. If a new user joins the organization, then he should have administrator privileges, and you can assign the appropriate permissions by adding him to the group. If a person changes his job profile, instead of editing his permissions, you can remove him from a group and add him to the group.

AWS - IAM Groups

Characteristics of IAM Group

  • A group is a collection of users, and a user can also belong to multiple groups.
  • Groups cannot be nested, i.e., a group cannot contain another group.
  • No default group that automatically includes all the users in AWS account. If you want a group like this, create a group and then add the users in a group.
  • There is a limit to the number of groups that you can have and also have a limit to the number of groups that a user can belong to.

Creating a Group (AWS Management Console)

  • Sign in to the AWS Management Console by entering your email address and password.
  • Open IAM Console
  • In the navigation pane, click on the Groups. After clicking on the Group, the screen appears which is shown below:

Creating a Group (AWS Management Console)

  • Click on the “Create New Group” to create a new group. On clicking on the “Create New Group”, the screen appears shown below:

Creating a Group (AWS Management Console)

  • In the Group Name box, enter the group name and then click on the Next Step button.
  • Select the checkbox next to the policy which you want to use with the group.
  • Click on the Next Step button and then click on the Create Group.

Creating a Group (API or CLI)

  • Create a Group

CLI Command: 

aws iam create-group

Suppose you create a group whose name is Admin; the following command is used to create a group:

aws iam create-group ?group-name Admin

Listing IAM Groups (AWS Management Console)

  • Sign in to the AWS Management Console by entering your email address and password.
  • Open the IAM Console.
  • In the navigation pane, click on the Groups. After clicking on the Groups, the screen appears which is shown below:

Listing IAM Groups (AWS Management Console)

The above figure shows that one user exists whose name is MyUser.

Listing IAM Groups to which a user belongs to (AWS Management Console)

  • Sign in to the AWS Management Console by entering your email address and password.
  • Open the IAM Console.
  • In the navigation pane, click on the Users and then click on the User Name.
  • Open the Groups section.

Listing IAM Groups (AWS API or CLI)

  • List all the groups available in your AWS account

CLI Command: 

aws iam list-groups

API Command: 

ListGroups

  • List all the users that belong to your group

CLI Command: 

aws iam get-group

API Command: 

ListGroups

Deleting an IAM Group (AWS Management Console)

  • Sign in to the AWS Management Console.
  • Open the IAM Console.
  • In the navigation pane, click on the Groups.
  • Select the checkbox that appears next to the group name.

Deleting an IAM Group (AWS Management Console)

  • Click on the dropdown menu of the GroupActions.

Deleting an IAM Group (AWS Management Console)

  • In the dropdown menu list, click on the Delete Group. After clicking on Delete Group, the screen appears which is shown below:

Deleting an IAM Group (AWS Management Console)

  • Click on YesDelete to delete the group.

Delete an IAM Group (AWS CLI or API)

  • Remove all the users from the Group.

CLI Command:

aws iam get-group (to list all the users of a group)

aws iam remove-user-from-group (Removes all the users from a group)

API Command:

GetGroup (to list all the users of a group)

RemoveUserFromGroup (Removes all the users from a group)

  • Detach the inline policies attached to the group.

CLI Command: 

aws iam list-group-policies (to list all the group’s inline policies)

aws iam delete-group-policy (to delete the group’s inline policies)

API Command: 

ListGroupPolicies (to list all the group’s inline policies)

DeleteGroupPolicy (to delete the group’s inline policies)

  • Detach the managed policies attached to the group.

CLI Command: 

aws iam list-attached-group-policies (to list all the group’s managed policies)

aws iam detach-group-policy (to detach the group’s managed policies)

API Command: 

ListAttachedGroupPolicies (List the group’s policies)

DetachGroupPolicy (Delete the group’s policies)

  • Delete the group.

CLI Command: 

aws iam delete-group

API Command:

DeleteGroup

myTechMint

myTechMint aka my Tech Mint - Get Tech Tips, Learn Online Technical Tutorials, Free Job Alert, Competitive Exam Preparation Study Materials, Download Bachelor of Technology, and CBSE Notes.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button