Home » Tutorials » AWS Tutorials » AWS – IAM Groups

AWS – IAM Groups

IAM Groups

  • An IAM Group is a collection of users.
  • Group specifies the permission for a collection of users, and it also makes it possible to manage the permissions easily for those users.
  • You created a group known as Admin and assigned the permissions to the group that administrators typically need. Any user joins the admin group; then the user will have all the permissions that are assigned to the group. If a new user joins the organization, then he should have administrator privileges, and you can assign the appropriate permissions by adding him to the group. If a person changes his job profile, instead of editing his permissions, you can remove him from a group and add him to the group.

AWS - IAM Groups

Characteristics of IAM Group

  • A group is a collection of users, and a user can also belong to multiple groups.
  • Groups cannot be nested, i.e., a group cannot contain another group.
  • No default group that automatically includes all the users in AWS account. If you want a group like this, create a group and then add the users in a group.
  • There is a limit to the number of groups that you can have and also have a limit to the number of groups that a user can belong to.
Related:  AWS - IAM Roles

Creating a Group (AWS Management Console)

  • Sign in to the AWS Management Console by entering your email address and password.
  • Open IAM Console
  • In the navigation pane, click on the Groups. After clicking on the Group, the screen appears which is shown below:

Creating a Group (AWS Management Console)

  • Click on the “Create New Group” to create a new group. On clicking on the “Create New Group”, the screen appears shown below:

Creating a Group (AWS Management Console)

  • In the Group Name box, enter the group name and then click on the Next Step button.
  • Select the checkbox next to the policy which you want to use with the group.
  • Click on the Next Step button and then click on the Create Group.

Creating a Group (API or CLI)

  • Create a Group

CLI Command: 

aws iam create-group

Suppose you create a group whose name is Admin; the following command is used to create a group:

aws iam create-group ?group-name Admin

Listing IAM Groups (AWS Management Console)

  • Sign in to the AWS Management Console by entering your email address and password.
  • Open the IAM Console.
  • In the navigation pane, click on the Groups. After clicking on the Groups, the screen appears which is shown below:
Related:  How to Install SSL Certificate on Amazon Web Services (AWS)

Listing IAM Groups (AWS Management Console)

The above figure shows that one user exists whose name is MyUser.

Listing IAM Groups to which a user belongs to (AWS Management Console)

  • Sign in to the AWS Management Console by entering your email address and password.
  • Open the IAM Console.
  • In the navigation pane, click on the Users and then click on the User Name.
  • Open the Groups section.

Listing IAM Groups (AWS API or CLI)

  • List all the groups available in your AWS account

CLI Command: 

aws iam list-groups

API Command: 

ListGroups

  • List all the users that belong to your group

CLI Command: 

aws iam get-group

API Command: 

ListGroups

Deleting an IAM Group (AWS Management Console)

  • Sign in to the AWS Management Console.
  • Open the IAM Console.
  • In the navigation pane, click on the Groups.
  • Select the checkbox that appears next to the group name.

Deleting an IAM Group (AWS Management Console)

  • Click on the dropdown menu of the GroupActions.

Deleting an IAM Group (AWS Management Console)

  • In the dropdown menu list, click on the Delete Group. After clicking on Delete Group, the screen appears which is shown below:
Related:  Essential AWS S3 CLI Commands to Manage S3 Buckets and Objects with Example

Deleting an IAM Group (AWS Management Console)

  • Click on YesDelete to delete the group.

Delete an IAM Group (AWS CLI or API)

  • Remove all the users from the Group.

CLI Command:

aws iam get-group (to list all the users of a group)

aws iam remove-user-from-group (Removes all the users from a group)

API Command:

GetGroup (to list all the users of a group)

RemoveUserFromGroup (Removes all the users from a group)

  • Detach the inline policies attached to the group.

CLI Command: 

aws iam list-group-policies (to list all the group’s inline policies)

aws iam delete-group-policy (to delete the group’s inline policies)

API Command: 

ListGroupPolicies (to list all the group’s inline policies)

DeleteGroupPolicy (to delete the group’s inline policies)

  • Detach the managed policies attached to the group.

CLI Command: 

aws iam list-attached-group-policies (to list all the group’s managed policies)

aws iam detach-group-policy (to detach the group’s managed policies)

API Command: 

ListAttachedGroupPolicies (List the group’s policies)

DetachGroupPolicy (Delete the group’s policies)

  • Delete the group.

CLI Command: 

aws iam delete-group

API Command:

DeleteGroup

Leave a Comment