AWS IAM Unleashed: Creating Groups, Adding Users, and Defining Policies

9 min readJan 12, 2024

Introduction:

In the dynamic ecosystem of AWS, Identity and Access Management (IAM) plays a pivotal role in safeguarding resources. Creating groups, adding users, and attaching policies form the essence of IAM, providing a robust framework for access control. Groups streamline permission management, while policies act as precise directives governing user actions. IAM’s dexterity shines, be it through the intuitive AWS Console or the command-line interface, ensuring airtight security and adherence to the principle of least privilege. Unlock the potential of IAM to fortify your AWS fortress against unauthorized access, elevating your security posture.

IAM Groups: Simplifying Permissions Management

IAM groups in AWS offer a streamlined approach to handling permissions for multiple users. By grouping users together, you can assign common sets of permissions, making it efficient to manage access rights. This proves especially beneficial in scenarios where users share similar levels of access to various AWS resources. IAM groups enhance security by providing a structured way to organize users based on roles or responsibilities, ensuring consistent and error-free application of permissions. This feature simplifies the process of granting and revoking access, contributing to a more secure and well-managed AWS environment.

⫸⫸⫸⫸⫸ Using the AWS Management Console ⫷⫷⫷⫷⫷

⇨ Step 1: Navigating to IAM:

Initiate the access process by logging into the AWS Management Console. Once logged in, locate and access the Identity and Access Management (IAM) service.

Go to the IAM dashboard by selecting “Services” in the upper left corner, and then choosing “IAM” under the “Security, Identity, & Compliance” section.

⇨ Step 2: Create an IAM Group

In the IAM dashboard, click on “Groups” in the left navigation pane.
Click the “Create Group” button.

3. Enter a name for the group and click “Next Step.”

4. On the “Add users to the group” page, you can add users to the group directly. Once you have added the users to the group, then click “Next Step”.

5. On the “Attach Permission Policies” page, you can attach policies that define the permissions for the group. You can either search for and attach existing policies or create a custom policy. Once you’ve attached the desired policies, click “Next Step.”

6. Review the group information and click “Create Group.”

Once your IAM group is created, choose users you want to include. This simplifies the process of assigning shared permissions to a batch of users, enhancing the overall access management.

⇨ Step 3: Add Users to the IAM Group

If you have already created a group and now you want to add users to this particular group, then the steps are given below:

In the IAM dashboard, click on “Groups” in the left navigation pane.
Click on the group you created.

3. In the “Group Actions” drop-down menu, select “Add Users to Group.”

4. Select the users you want to add to the group and click “Add Users.”

⇨ Step 4: Verify Group and User Permissions

In the IAM dashboard, click on “Groups” in the left navigation pane.
Click on the group you created.

3. Review the permissions attached to the group on the “Permissions” tab.

● If you want to “Attach policies” or “create inline policies” select these from “Add permissions”.

If you select the “attach policies”:

Select desired policy, then click the “Attach policies.”

2. If you select the “Create inline policies”:

a) Specify permissions:

For specify the permission, then select the “Edit the statement” first,Add permissions by selecting services, actions, resources, and conditions. Build permission statements using the JSON editor.

then click “Next.”

b) Review and Create:

In “Policy details” add the “Policy name”.

Enter a meaningful name to identify this policy.

Then click “create policies”.

Now you have Successfully created the policy!!!

Note:
1. IAM groups are used to assign permissions to a collection of users.
2. Users can belong to multiple groups, and each group can have specific permissions attached.
3. IAM policies define permissions, and you can attach policies to both groups and users.

⫸⫸⫸⫸⫸ Using the AWS Command Line Interface (CLI) ⫷⫷⫷⫷⫷

Similar operations can be performed using the respective commands.

Certainly! Here are the step-by-step instructions to create an AWS IAM group, add users, and attach permissions using the AWS Command Line Interface (CLI):

⇨ Step 1: Install and Configure AWS CLI

Initiate the process by installing the AWS Command Line Interface (CLI) on your local machine. Configure it with the necessary credentials to enable communication with AWS services.

If you haven’t already, you need to install the AWS CLI and configure it with your AWS credentials. You can install the AWS CLI by following the instructions provided in the AWS CLI User Guide.

⇨ Step 2: Create an IAM Group

Open your command line interface (CLI) on your local machine.
Use the following AWS CLI command to create a new IAM group:

aws iam create-group --group-name YourGroupName --description "Your Group Description"

Replace “YourGroupName” with a unique name for your group and provide an optional description.

3. After executing the command, AWS CLI will return a JSON output confirming the successful creation of the IAM group.

This step ensures the establishment of a new IAM group with the specified details. The group is now ready to have users added, and policies attached to manage access permissions effectively.

⇨ Step 3: Attach Policies to the IAM Group

In your command line interface (CLI), use the following AWS CLI command to attach policies to the IAM group:

Option 1: Attach Existing Policies

aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/YourPolicyName --group-name YourGroupName

Replace YourPolicyName the name of the policy you want to attach and YourGroupName the name of your group.

Option 2: Create and Attach a Custom Policy

Create a JSON file (e.g., custom-policy.json) containing your custom policy.

echo '{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["s3:ListBucket"],"Resource": ["arn:aws:s3:::your-bucket-name"]}]}'> custom-policy.json

Adjust the policy content and resource as per your requirements.

2. Use the following command to attach the custom policy to the IAM group:

aws iam put-group-policy --group-name YourGroupName --policy-name YourPolicyName --policy-document file://custom-policy.json

Replace YourGroupName with the name of your IAM group and YourPolicyName with the desired name for your custom policy.

Executing either option grants the IAM group the specified permissions, facilitating secure and controlled access to AWS resources.

⇨ Step 4: Create IAM Users

Now, let’s proceed with creating IAM users using the AWS Command Line Interface (CLI). Follow the steps below:

Open your preferred command line interface.
Use the following AWS CLI command to create a new IAM user:

aws iam create-user --user-name User1

Replace “User1” with the desired username for the new IAM user.

3. Repeat the command for additional users as needed,

changing the --user-name parameter accordingly (e.g., User2, User3).

Creating IAM users through the CLI provides a flexible and scriptable way to manage access to your AWS resources.

⇨ Step 5: Add Users to the IAM Group

Now, let’s add the IAM users we created to the IAM group using the AWS Command Line Interface (CLI). Follow the steps below:

Open your preferred command line interface.
Use the following AWS CLI command to add a user to the IAM group:

aws iam add-user-to-group --user-name User1 --group-name YourGroupName

Replace User1 with the username of the IAM user you want to add, and YourGroupName with the name of your IAM group.

3. Repeat the command for additional users as needed,

changing the --user-name parameter accordingly (e.g., User2, User3).

By adding users to the IAM group, you ensure consistent permissions across multiple users, simplifying access management.

⇨ Step 6: Verify Group and User Permissions

To ensure that policies are correctly attached and users have the expected permissions, follow these verification steps:

Use the AWS CLI command to list the policies attached to the IAM group:

aws iam list-attached-group-policies --group-name YourGroupName

Replace “YourGroupName” with the actual name of your IAM group.

Confirm the policies listed align with the intended permissions for the group.

2. Additionally, verify individual user permissions by using the following command:

aws iam list-user-policies --user-name User1

Replace “User1” with the username of the IAM user you want to verify.

The output indicates that there are no inline policies attached to the IAM user named “MINHAJ.” The Policy Names field is an empty list, which means that the user currently doesn’t have any user-specific inline policies.

Repeat these steps for each user added to the group to ensure accurate and secure access control.

3. Check the User’s Group Membership and Policies

To confirm a user’s group membership and associated policies, execute the following AWS CLI commands:

● Verify group membership for a user:

aws iam list-groups-for-user --user-name User1

Replace “User1” with the username of the IAM user you want to check.

These commands will provide detailed information about the IAM user’s group memberships and policies, allowing you to verify and manage their access effectively.

Best Practices and Tips:

When managing IAM groups in AWS, adhere to the principle of least privilege to ensure users have only the necessary permissions. Regularly review and audit group memberships and policies to align with evolving requirements and maintain a secure environment. Consider implementing multi-factor authentication (MFA) for an additional layer of security. Leverage AWS Identity and Access Management tools for monitoring and logging to gain insights into user activities. Lastly, stay informed about AWS updates and new features to optimize your IAM configurations effectively. Following these best practices contributes to robust access control and enhances the overall security posture of your AWS environment.

Conclusion:

In navigating the intricate realm of AWS Identity and Access Management (IAM), we’ve uncovered the essence of secure access control. IAM groups emerged as catalysts for streamlined permissions, offering efficiency in managing user access. The AWS Management Console and Command Line Interface provided distinct yet powerful avenues to sculpt IAM configurations.

Best practices, such as adhering to the principle of least privilege and regular reviews, stood as guiding lights. Harnessing AWS Managed Policies and delving into IAM roles showcased advanced strategies for heightened security. MFA, credential rotation, and IAM Access Analyzer added layers of defense.

Whether you choose the console’s visual simplicity or the CLI’s scriptable prowess, IAM empowers you to fortify your AWS kingdom. IAM is more than a tool; it’s a philosophy — advocating for secure, efficient, and scalable cloud practices. As we conclude, may your IAM journey be harmonious, and your cloud security, unwavering. IAM, the guardian of your AWS identity, stands ready to secure your cloud fortress.

Connect with Me on LinkedIn:
Feel free to connect with me on LinkedIn to stay updated on cloud computing, AWS, and more! I welcome discussions, questions, and networking opportunities. Let’s continue the conversation and explore the vast world of cloud technologies together.
LinkedIn Profile