Groups
This tutorial shows how to create IAM groups in the AWS Management Console, attach policies, and add existing users so that each group gets specific access permissions. We’ll set up two groups:
- HR: Grants full S3 access (`s3:*`) to a specific S3 bucket and the objects in it.
- IT: Provides full administrative privileges.
Prerequisites
- An AWS account with sufficient privileges to manage IAM resources.
- Existing IAM users (e.g., John, Sarah).
Step 1: Open the IAM Console
- Sign in to the AWS Management Console.
- Navigate to Services > Security, Identity, & Compliance > IAM.
- In the left pane, select User groups.
You should see a list of your current IAM user groups (if any).
Step 2: Create the “HR” Group
- Click Create group.
- Enter `HR` as the Group name.
- Under Add users to group, select John.
- In Attach managed policies, click Create policy, then paste the JSON below:

  ```json
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "HRPolicy",
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": [
          "arn:aws:s3:::company1-hr-bucket",
          "arn:aws:s3:::company1-hr-bucket/*"
        ]
      }
    ]
  }
  ```

- Review the policy, give it a name like `HRPolicy`, and attach it to the group.
- Click Create group to finalize.
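The `s3:*` action in HRPolicy covers bucket-level management calls as well as object reads and writes. The following added example (not part of the original tutorial) evaluates HRPolicy against a few constructed requests, next to a narrower policy that assumes HR only needs to list, read and write objects. The evaluator is a simplified model of identity-policy matching; `SCOPED_POLICY`, `is_allowed`, `compare`, the sample object keys and the second bucket name are illustrative.

```python
import re

# HRPolicy as given in Step 2 of the tutorial.
HR_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "HRPolicy", "Effect": "Allow", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::company1-hr-bucket",
                  "arn:aws:s3:::company1-hr-bucket/*"]}]}

# Constructed alternative. Assumption: HR only lists, reads and writes objects.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ListHRBucket", "Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::company1-hr-bucket"},
    {"Sid": "ReadWriteHRObjects", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::company1-hr-bucket/*"}]}

def _as_list(value):  # Action, Resource, Statement: single item or list
    return value if isinstance(value, list) else [value]

def _match(pattern, value):
    """IAM wildcards: '*' matches any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None

def is_allowed(policy, action, resource):
    """Simplified identity-policy check: explicit Deny wins, else any Allow.
    Ignores Condition, NotAction/NotResource, SCPs, boundaries, bucket policies."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        hit = (any(_match(a.lower(), action.lower()) for a in _as_list(stmt["Action"]))
               and any(_match(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed

BUCKET = "arn:aws:s3:::company1-hr-bucket"
# Constructed requests; object keys and the second bucket name are made up.
REQUESTS = [("s3:GetObject", BUCKET + "/reviews/2024.csv"), ("s3:ListBucket", BUCKET),
            ("s3:PutBucketPolicy", BUCKET), ("s3:DeleteBucket", BUCKET),
            ("s3:GetObject", "arn:aws:s3:::example-other-bucket/notes.txt")]

def compare(requests=REQUESTS):
    """Rows of (action, resource, allowed by HRPolicy, allowed by scoped policy)."""
    return [(a, r, is_allowed(HR_POLICY, a, r), is_allowed(SCOPED_POLICY, a, r))
            for a, r in requests]

if __name__ == "__main__":
    print(*compare(), sep="\n")
```

Under HRPolicy, John can also replace the bucket policy or delete the bucket; the scoped policy keeps object access and drops those two.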
Step 3: Create the “IT” Group
- Click Create group again.
- Enter `IT` as the Group name.
- Select Sarah under Add users to group.
- In Attach managed policies, search for and select AdministratorAccess.
- Click Create group.
The IT group will now have full AWS administrative access.
Summary of IAM Groups
| Group | User | Policy | Access Scope |
|---|---|---|---|
| HR | John | HRPolicy | company1-hr-bucket S3 bucket |
| IT | Sarah | AdministratorAccess | Full AWS services and resource control |