Read on:

AWS for Beginners: Understanding AWS Terminologies: Part 1
AWS for Beginners: What is AWS EC2: Part 2
AWS for Beginners: AWS Compute Services: Part 3
AWS for Beginners: How to Protect AWS Security Tools: Part 4
AWS for Beginners: What is IAM (Identity and Access Management) and Best Practices: Part 5
AWS for Beginners: Provisioning IAM Users and Programmatic Access in AWS: Part 6
AWS for Beginners: Securing Root account using MFA: Part 7
AWS for Beginners: Amazon S3 Overview, Security and Best Practices : Part 8

Why Groups in AWS?

In Cloud operations, one of the most important tasks is to provide the right level of access to the right people. It becomes crucial to have a standard operating procedure (SOP) to provide access to members of a team and also to manage it with little overhead throughout the entire lifecycle of the user access to the cloud resources. It is never easy to manage the permissions and the privileges for each user separately, that too when a set of users have a similar set of permissions. To make the process of managing users with similar permissions easier, groups are created. In a group, there can be multiple users and the permissions are applied at the group level. Then this permission applies to all the users within that group. If a new user is added to the group, then the user inherits the permissions from the group, when a user is added to a different group, then the permissions of the new group are applied, etc. In this way, groups make the task of managing permissions for multiple users very simple. Below we can see multiple groups created for separate purposes and multiple users within the group.

Protect Your Data with BDRSuite

Cost-Effective Backup Solution for VMs, Servers, Endpoints, Cloud VMs & SaaS applications. Supports On-Premise, Remote, Hybrid and Cloud Backup, including Disaster Recovery, Ransomware Defense & more!

Creating and managing IAM groups

There are a few important limitations in AWS IAM groups

  • A user can be part of up to 10 groups
  • Groups cannot be nested. That is, groups can contain only users and no other groups
  • The default number of groups that can be created in an AWS account is 300 and the maximum number is 500

Creating a new user group from the AWS console

To create a new user group and to add users to the group from the AWS console follow the steps given below.

Download Banner

1) Log in to the AWS console using the link https://aws.amazon.com/console and click on Sign in to the Console.

Creating and managing IAM groups

2) In the next screen, select the option “Root User” and enter the root account user name and password.

Creating and managing IAM groups

3) Search for IAM in the search box on the top of the screen and select the IAM service from the drop-down results.

Creating and managing IAM groups

4) Click on the User Groups option on the left-hand side of the screen and then click on the Create Group option.

Creating and managing IAM groups

5) In the next screen, fill in the details of the group like the

  • Name of the group to be created
  • User accounts to be added as part of the group
  • Policy permissions to be added to the group

Here we are creating a group named developer_group, adding user appadmin as part of the group, and attaching the policy AmazonEC2FullAccess to the group. Finally, click on Create Group option.

Creating and managing IAM groups

Creating and managing IAM groups

Creating and managing IAM groups

Creating and managing IAM groups

Managing user groups with AWS CLI

User groups can also be created and managed with AWS CLI. Below are a few commands that can be used to create IAM groups with AWS CLI. In all these commands we will use the AWS CLI profile named automation. You can create your profile with a different name and use it along with the CLI commands.

  • Create an IAM group using the AWS CLI

$ aws iam create-group –group-name webadmin –profile automation
GROUP arn:aws:iam::545859768147:group/webadmin 2022-10-10T18:12:36+00:00 RGH6SKFIRK794KFXCDX webadmin /

  • Create an IAM user using AWS CLI

$ aws iam create-user –user-name webuser1 –profile automation
USER arn:aws:iam::545859768147:user/webuser1 2022-10-10T18:15:29+00:00 / THDJQOUDJKOWWBFXE webuser1

  • Add IAM User to a group using AWS CLI

$ aws iam add-user-to-group –user-name webuser1 –group-name webadmin –profile automation

  • Get details of a group with AWS CLI

$ aws iam get-group –group-name webadmin –profile automation
GROUP arn:aws:iam::545859768147:group/webadmin 2022-10-10T18:12:36+00:00 RGH6SKFIRK794KFXCDX webadmin /
USERS arn:aws:iam::545859768147:user/webuser1 2022-10-10T18:15:29+00:00 / THDJQOUDJKOWWBFXE webuser1

  • Attach a policy to a group with AWS CLI

$ aws iam attach-group-policy –policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess –group-name webadmin –profile automation

Conclusion:

In this article, we have demonstrated how to create a group, attach policies to the group, and add users to the group using AWS console and AWS programmatic access. Managing users through groups is the best and simplest way. It becomes effortless to add/remove users from the group and the permissions are inherited by the users from the group.

Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.

Rate this post