Creating an IAM Group on AWS

Eseme Ukeme
AWS Security User Group West Africa
3 min read · Feb 3, 2023

An IAM user group is a collection of IAM users.

With user groups, you can assign permissions to multiple users, which makes it easy to moderate and manage policies for those users.

Characteristics of user groups:

  • User groups can’t be nested; they can contain only users, not other user groups.
  • There is no default user group that automatically includes all users in the AWS account. If you want to have a user group like that, you must create it and assign each new user to it.
  • A user group can contain many users, and a user can belong to multiple user groups.

To create a user group, follow these five simple steps:

Step 1 — Login and Navigation.

Log in to your AWS console with an administrative user or profile.
In the top-left corner, click Services, scroll down to Security, Identity & Compliance, and click IAM.

Step 2 — Create a User Group

On the left-hand section of the IAM dashboard, under Access Management, click on User groups.
Next, click on "Create a group."

Step 3 — Create Group Name

In the input field, insert the group name.
Enter a meaningful name to identify this group.

Step 4 — Add users to the group

An IAM user is an entity that you create in AWS to represent the person or application that uses it to interact with AWS. A user can belong to up to 10 groups.

This section contains a list of the IAM users that have been created; if it is empty, you must create one.
To create one, follow this link: https://medium.com/aws-security-user-group-west-africa/creating-an-iam-user-on-aws-4d2446202abd

Use the checkbox to select the IAM user you intend to add to the User group.

Step 5 — Attach permissions policies

Before attaching policies to the user group, consider the principle of least privilege.

The principle of least privilege (PoLP) is an information security concept which maintains that a user or entity should only have access to the specific data, resources and applications needed to complete a required task.

In this article, we want to give this group full access permissions to IAM.
Scroll down to the search bar in this section. Input IAM as your filter query.
Select "IAMFullAccess" using the checkbox.

You can click the plus sign [+] to view the full policy statement in JSON format.

Click — Create Group

You have successfully created an IAM user group.
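The same steps can be scripted. The sketch below is an added example, not code from the original article: it checks the limits mentioned in this article and flags broad policies before it makes any change, then performs Steps 2 to 5 as API calls. It assumes `iam` is a boto3 IAM client (`boto3.client("iam")`) or any object with the same methods; the `BROAD_POLICIES` set and the function names are choices made for this example. IAMFullAccess is treated as broad because it lets group members change IAM permissions, including their own.

```python
MAX_GROUPS_PER_USER = 10     # limit stated in Step 4
MAX_POLICIES_PER_GROUP = 10  # limit stated in the bonus steps
# Assumption of this example: managed policies that warrant explicit sign-off.
BROAD_POLICIES = {"IAMFullAccess", "AdministratorAccess"}


def preflight(iam, users, policy_arns):
    """Return (errors, warnings) for a planned group before any change is made."""
    errors, warnings = [], []
    if len(policy_arns) > MAX_POLICIES_PER_GROUP:
        errors.append(f"{len(policy_arns)} managed policies exceeds the limit")
    for arn in policy_arns:
        name = arn.rsplit("/", 1)[-1]  # policy name is the last ARN segment
        if name in BROAD_POLICIES:
            warnings.append(f"{name} is broad; confirm it fits least privilege")
    for user in users:
        count = len(iam.list_groups_for_user(UserName=user)["Groups"])
        if count >= MAX_GROUPS_PER_USER:
            errors.append(f"{user} already belongs to {count} groups")
    return errors, warnings


def create_group(iam, name, users, policy_arns, allow_broad=False):
    """Steps 2-5 as API calls; refuses to start if preflight finds a problem."""
    errors, warnings = preflight(iam, users, policy_arns)
    if not allow_broad:
        # Broad policies block creation unless the caller opts in explicitly.
        errors += warnings
    if errors:
        raise ValueError("; ".join(errors))
    iam.create_group(GroupName=name)                            # Steps 2-3
    for user in users:
        iam.add_user_to_group(GroupName=name, UserName=user)    # Step 4
    for arn in policy_arns:
        iam.attach_group_policy(GroupName=name, PolicyArn=arn)  # Step 5
    return warnings
```

Calling `create_group` with `arn:aws:iam::aws:policy/IAMFullAccess` raises `ValueError` unless `allow_broad=True` is passed, which makes the least-privilege decision explicit in the script.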

Bonus Steps.

On the user group dashboard, where all user groups are listed, click the newly created group.
You will have these options to view and modify:
a) Users in this group
b) Permissions policies — You can attach up to 10 managed policies.
c) Access Advisor — shows the services that this group can access and when those services were last accessed.
