IAM Groups

  • IAM groups help consolidate permissions, making operations more efficient when managing a large number of users.
  • An IAM group is a collection of IAM users assigned the same permissions.
  • Groups can be associated with both inline and managed permission policies.
  • Unlike groups in some other identity management solutions, IAM groups cannot be nested inside one another.

Efficiency

  • Managing permissions individually for multiple users can be cumbersome.
  • Example Scenario:
    • Users:
      • Software engineers: dev1, dev2, dev3
      • Operations team: sysops admins (each with individual IAM user accounts)
      • Finance personnel needing access to the billing console (also with an IAM user)
    • Without IAM groups, permissions would have to be managed individually for each user.

Using IAM Groups

  • Create a developers group and place all three developer IAM users (dev1, dev2, dev3) in it to centralize their permissions.
  • Create groups for sysops admins and finance, even if the finance group contains only one IAM user.
    • This approach allows for efficient permission management, especially if more users need to be added later.
  • When a group is created, no policies are attached to it by default.

Managing User Role

  • If a developer switches teams (e.g., dev3 becomes a sysops admin):
    • Change their group membership from the developers group to the sysops admin group.
    • Their permissions are updated immediately to match those of the other sysops admins, simplifying role transitions within the company.
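
One way to check that an account actually follows this group-based model, as an added example that is not part of the original page: the Python below audits a constructed sample shaped like the output of `aws iam get-account-authorization-details` and reports users with directly attached policies, users in no group, and groups that still have no policies. The group names, the users `billing1` and `ops1`, and all policy names are assumptions made for illustration.

```python
# Constructed sample in the shape returned by
# `aws iam get-account-authorization-details` (only the fields used here).
SAMPLE = {
    "GroupDetailList": [
        {"GroupName": "developers", "GroupPolicyList": [],
         "AttachedManagedPolicies": [{"PolicyName": "DevAccess"}]},
        {"GroupName": "sysops-admins", "GroupPolicyList": [{"PolicyName": "OpsInline"}],
         "AttachedManagedPolicies": [{"PolicyName": "OpsAccess"}]},
        # A freshly created group: no policies attached by default.
        {"GroupName": "finance", "GroupPolicyList": [], "AttachedManagedPolicies": []},
    ],
    "UserDetailList": [
        {"UserName": "dev1", "GroupList": ["developers"]},
        {"UserName": "dev2", "GroupList": ["developers"],
         "AttachedManagedPolicies": [{"PolicyName": "OpsAccess"}]},  # direct attachment
        {"UserName": "dev3", "GroupList": ["developers"]},
        {"UserName": "billing1", "GroupList": ["finance"]},
        {"UserName": "ops1", "GroupList": []},  # not in any group
    ],
}

def policy_names(entity):
    """Names of inline and managed policies attached directly to a user or group."""
    inline = entity.get("UserPolicyList", []) + entity.get("GroupPolicyList", [])
    managed = entity.get("AttachedManagedPolicies", [])
    return {p["PolicyName"] for p in inline + managed}

def effective_policies(details, user_name):
    """Policies a user holds: direct attachments plus those of every group."""
    groups = {g["GroupName"]: g for g in details["GroupDetailList"]}
    user = next(u for u in details["UserDetailList"] if u["UserName"] == user_name)
    result = policy_names(user)
    for name in user.get("GroupList", []):
        result |= policy_names(groups[name])
    return result

def audit(details):
    """Flag drift from group-based permission management."""
    users = details["UserDetailList"]
    return {
        "direct_policies": sorted(u["UserName"] for u in users if policy_names(u)),
        "no_group": sorted(u["UserName"] for u in users if not u.get("GroupList")),
        "empty_groups": sorted(g["GroupName"] for g in details["GroupDetailList"]
                               if not policy_names(g)),
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(effective_policies(SAMPLE, "dev3"))
```

Changing `dev3`'s `GroupList` from `developers` to `sysops-admins` and calling `effective_policies` again shows the role transition described above: the user's policy set becomes that of the sysops admins without touching any per-user attachment.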