Creating IAM groups and assigning group-level permissions
You can manage users more easily with IAM groups than by managing them individually. Groups let you assign the same permissions to multiple users, and they make it simpler to update or reassign those permissions or to move users between groups.
Typically, you map permissions to a specific business function in your organization and then assign users to that function. After creating a group, you have to create a policy and assign it to the group. Policy variables and groups let you manage your users without hardcoding each user in the policy.
How to do it…
- Create an IAM group.
  Execute the following command to create a group called developers:
  $ aws iam create-group --group-name developers
- Add a user to the group.
  Execute the following command to add the previously created user, ethanhunt, to the developers group:
  $ aws...
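
The policy step described in the introduction, as an added example that is not part of the original recipe: an inline policy for the developers group that uses the ${aws:username} policy variable, so each member can reach only their own S3 prefix and no user name is hardcoded. The bucket name and policy name are assumed placeholders.

```shell
#!/bin/sh
# Added example: group-level policy using the ${aws:username} policy variable.
GROUP_NAME="developers"                # group created in the recipe
POLICY_NAME="developers-home-prefix"   # hypothetical policy name
BUCKET="example-team-bucket"           # hypothetical bucket name

# Print the policy document. The quoted heredoc keeps ${aws:username} literal,
# so IAM (not the shell) substitutes the caller's user name at request time.
# Policy variables are only evaluated with Version 2012-10-17.
group_policy_document() {
  sed "s/__BUCKET__/${BUCKET}/g" <<'JSON'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListOwnPrefix",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::__BUCKET__",
      "Condition": {"StringLike": {"s3:prefix": ["home/${aws:username}/*"]}}
    },
    {
      "Sid": "ReadWriteOwnPrefix",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::__BUCKET__/home/${aws:username}/*"
    }
  ]
}
JSON
}

# Attach the document to the group as an inline policy, then read it back
# to confirm what IAM stored.
apply_group_policy() {
  aws iam put-group-policy --group-name "$GROUP_NAME" \
    --policy-name "$POLICY_NAME" \
    --policy-document "$(group_policy_document)"
  aws iam get-group-policy --group-name "$GROUP_NAME" \
    --policy-name "$POLICY_NAME"
}

# Only call AWS when explicitly asked; otherwise the script has no side effects.
if [ "${1:-}" = "--apply" ]; then
  apply_group_policy
fi
```

Run the script with --apply to attach the policy; without it, calling group_policy_document prints the JSON for review before anything is changed.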