AWS User Groups: What Are They? What does it do for us? What are the steps for creating IAM User Groups?


User Groups in AWS:

  In AWS, a user group is a way to collect IAM users that share or require the same permissions or policies.

  When policies or permissions are attached to a group, they apply to every user in that group.

  For example, you might create a group containing three users and attach EC2 access to the group; all three users can then access EC2 without any permission being attached to them individually.

Creating a User Group in AWS:

  We covered what an IAM user is and how to create one in an earlier article.

• Create a few additional users (say three) from your IAM account and note their passwords and the sign-in link shown on the Success page; you will need both to log in as them.

  While creating these users, attach the 'AmazonS3FullAccess' policy directly to each of them.


• Now click 'User groups' in the IAM dashboard.


• On the next page click 'Create group' and:

    👉🏼 provide a group name,
    👉🏼 select the users that should be part of the group,
    👉🏼 and don't attach any permissions/policies for now.


• Remember the sign-in link you were given after creating the users? Use it in an incognito window to log in as one of the IAM users in the group you just created (or log out of your current session first).

  • Then search for EC2 in the console search bar and open it in a new tab.

  • You'll find that you can access S3, because that policy was attached directly to the user while creating it, but the EC2 tab shows an error because no EC2 permission has been granted yet.


• Return to your IAM account and open the group you just created under 'User groups'.

  • On the 'Permissions' tab choose 'Add permissions' > 'Attach policies'.

  • Select 'AmazonEC2FullAccess' and save.

• Now go back to the incognito window and reload the EC2 tab: it works, even though you never granted the permission directly to that user, because you granted it to the group the user belongs to.


• Now try signing in as the other users in that group and confirm that they all have access to EC2 as well.
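The walkthrough above can be replayed without a console. The following is an added example (not code from the original post and not AWS's own implementation) that models how IAM combines a user's directly attached managed policies with the policies attached to every group the user belongs to. The user names, the group name and the cut-down policy documents are constructed for the example; only 'Allow' statements on actions are evaluated, and explicit Deny, conditions, resource ARNs and resource-based policies are deliberately ignored.

```python
"""Model of how IAM combines a user's own policies with group policies.

Added example, not code from the original post or from AWS. Only 'Allow'
statements on actions are evaluated; Deny, conditions, resource ARNs and
resource-based policies are ignored.
"""
from fnmatch import fnmatchcase

# Constructed, cut-down stand-ins for the two AWS managed policies the post
# uses. The real policy documents grant more services than shown here.
MANAGED_POLICIES = {
    "AmazonS3FullAccess": [{"Effect": "Allow", "Action": ["s3:*"]}],
    "AmazonEC2FullAccess": [{"Effect": "Allow", "Action": ["ec2:*"]}],
}


def action_allowed(policy_name, action):
    """True if any Allow statement's action pattern matches (IAM actions are case-insensitive)."""
    for stmt in MANAGED_POLICIES[policy_name]:
        if stmt["Effect"] != "Allow":
            continue
        for pattern in stmt["Action"]:
            if fnmatchcase(action.lower(), pattern.lower()):
                return True
    return False


class IamAccount:
    """In-memory stand-in for the IAM users and groups of one AWS account."""

    def __init__(self):
        self.user_policies = {}   # user name -> set of attached managed policy names
        self.group_policies = {}  # group name -> set of attached managed policy names
        self.members = {}         # group name -> set of user names

    def create_user(self, user, *policies):
        self.user_policies[user] = set(policies)

    def create_group(self, group):
        self.group_policies[group] = set()
        self.members[group] = set()

    def add_user_to_group(self, user, group):
        self.members[group].add(user)

    def remove_user_from_group(self, user, group):
        self.members[group].discard(user)

    def attach_group_policy(self, group, policy):
        self.group_policies[group].add(policy)

    def effective_policies(self, user):
        """The user's own attachments plus those of every group the user is in."""
        policies = set(self.user_policies[user])
        for group, users in self.members.items():
            if user in users:
                policies |= self.group_policies[group]
        return policies

    def is_allowed(self, user, action):
        return any(action_allowed(p, action) for p in self.effective_policies(user))


def walkthrough():
    """Replays the console steps from the post and returns what each user can do."""
    acct = IamAccount()
    users = ["user1", "user2", "user3"]                      # constructed names
    for u in users:
        acct.create_user(u, "AmazonS3FullAccess")           # attached directly
    acct.create_group("demo-group")                         # constructed name
    for u in users:
        acct.add_user_to_group(u, "demo-group")             # group has no policy yet

    before = {u: (acct.is_allowed(u, "s3:ListAllMyBuckets"),
                  acct.is_allowed(u, "ec2:DescribeInstances")) for u in users}

    acct.attach_group_policy("demo-group", "AmazonEC2FullAccess")
    after = {u: (acct.is_allowed(u, "s3:ListAllMyBuckets"),
                 acct.is_allowed(u, "ec2:DescribeInstances")) for u in users}

    # The flip side of the post's bottom line: leaving the group removes the
    # inherited EC2 access while the directly attached S3 policy stays.
    acct.remove_user_from_group("user3", "demo-group")
    after_removal = (acct.is_allowed("user3", "s3:ListAllMyBuckets"),
                     acct.is_allowed("user3", "ec2:DescribeInstances"))
    return {"before": before, "after": after, "user3_after_leaving": after_removal}


if __name__ == "__main__":
    for stage, result in walkthrough().items():
        print(stage, result)
```

Against a real account the same steps are `aws iam create-group`, `aws iam add-user-to-group` and `aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess`, and `aws iam simulate-principal-policy` answers the "is this user allowed to call ec2:DescribeInstances?" question the model answers here. Two things the model leaves out matter in practice: an explicit Deny anywhere in the user's or group's policies overrides every Allow, and IAM is eventually consistent, so a reloaded console tab can lag a group change by a few seconds.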

Bottom Line:

👉🏼 Users that need the same permissions can be grouped together, which makes granting or revoking permissions easier.

👉🏼 Changes made to a group take effect for every user within that group.

This is part of the #100DaysOfCode of AWS series started by Sarthaksavvy. You can visit his profile on GitHub.

Feel free to leave a comment if you enjoyed or disliked this post. I'd appreciate it if you could provide feedback.

Follow me on Twitter