CloudWiki
Resource

IAM Group

Amazon Web Services
Permissions
An IAM group is a collection of multiple IAM users, that let you easily grant, change, and remove permissions to those users at the same time. Changes in permissions made to a group affect each individual user within that group making it easier to manage.
Terraform Name
terraform
aws_iam_group
IAM Group
attributes:
  • name - (Required) The group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins".
  • path - (Optional, default "/") Path in which to create the group.

Associating resources with a
IAM Group
Resources do not "belong" to a
IAM Group
Rather, one or more Security Groups are associated to a resource.
Create
IAM Group
via Terraform:
The following HCL creates an IAM group
Syntax:

resource "aws_iam_group" "developers" {
 name = "developers"
 path = "/users/"
}

Create
IAM Group
via CLI:
Parametres:

create-group
[--path <value>]
--group-name <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws iam create-group --group-name Admins

aws cost
Costs
The cost of using Identity and Access Management (IAM) features is free, as it is included in the overall cost of using Amazon Web Services (AWS). There are no charges for creating or using IAM users, groups, roles, or policies. However, some AWS services, such as Amazon S3 or Amazon EC2, may incur charges for using IAM features, such as creating an IAM role to access an Amazon S3 bucket or an Amazon EC2 instance.
Direct Cost

--

Indirect Cost
No items found.
Best Practices for
IAM Group

Categorized by Availability, Security & Compliance and Cost

Low
Access allowed from VPN
No items found.
Low
Auto Scaling Group not in use
No items found.
Medium
Connections towards DynamoDB should be via VPC endpoints
No items found.
Medium
Container in CrashLoopBackOff state
No items found.
Low
EC2 with GPU capabilities
No items found.
Medium
EC2 with high privileged policies
No items found.
Medium
ECS cluster delete alarm
No items found.
Critical
ECS task with Admin access (*:*)
Medium
ECS task with high privileged policies
No items found.
Critical
EKS cluster delete alarm
No items found.
Medium
ElastiCache cluster delete alarm
No items found.
Medium
Ensure Container liveness probe is configured
No items found.
Medium
Ensure ECS task definition has memory limit
No items found.
Critical
Ensure EMR cluster master nodes are not publicly accessible
No items found.
More from
Amazon Web Services