CloudWiki
Resource
Detect, troubleshoot & optimize AWS environments in real-time ->

Amazon Web Service (AWS)

IAM Group

Permissions
An IAM group is a collection of multiple IAM users, that let you easily grant, change, and remove permissions to those users at the same time. Changes in permissions made to a group affect each individual user within that group making it easier to manage.
Costs
The cost of using Identity and Access Management (IAM) features is free, as it is included in the overall cost of using Amazon Web Services (AWS). There are no charges for creating or using IAM users, groups, roles, or policies. However, some AWS services, such as Amazon S3 or Amazon EC2, may incur charges for using IAM features, such as creating an IAM role to access an Amazon S3 bucket or an Amazon EC2 instance.
Direct Cost

--

Indirect Cost
No items found.
Terraform Name
aws_iam_group
IAM Group
attributes:
  • name - (Required) The group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins".
  • path - (Optional, default "/") Path in which to create the group.

Associating resources with a
IAM Group
Resources do not "belong" to a
IAM Group
Rather, one or more Security Groups are associated to a resource.
Create
IAM Group
via Terraform:
The following HCL creates an IAM group
Syntax:

resource "aws_iam_group" "developers" {
 name = "developers"
 path = "/users/"
}

Create
IAM Group
via CLI:
Parametres:

create-group
[--path <value>]
--group-name <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws iam create-group --group-name Admins

Best Practices for
IAM Group

Categorized by Availability, Security & Compliance and Cost

Explore all the rules our platform covers
Related blog posts
All Resources