2.7 Ensure an IAM group for administration purposes is created


An IAM group is a collection of IAM users. You can use groups to specify permissions for a collection of users, which can make those permissions easier to manage for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. Any user in that group automatically has the permissions that are assigned to the group. If a new user joins your organization and should have administrator privileges, you can assign the appropriate permissions by adding the user to that group. Similarly, if a person changes jobs in your organization, instead of editing that user's permissions, you can remove him or her from the old groups and add him or her to the appropriate new groups.
The IAM group will allow you to add or remove IAM users that require administrative privileges to the resources.


Using the Amazon unified command line interface:

* Create a new IAM group for administration purposes:

aws iam create-group --group-name <_iam_admin_group_name>_

* Attach the Admin policy to the administration IAM group:

aws iam attach-group-policy --policy-arn <_admin_policy_arn>_ --group-name <_iam_admin_group_name>_

See Also