AWS Access control create group policy

Install and Use AWS CLI on Linux
After the installation and configuration of AWS CLI, confirm it is working well.

These are the actions that we’ll perform in this guide.
*Create an IAM Group
*Attach Policy to the group
*Create an AWS IAM User
*Set initial password for the user and force password change on the first login
*Add User to IAM Group
*Give a user an additional IAM policy that grants access to services

Step1: Create an AWS IAM Group
An IAM group is a collection of IAM users. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users.
create a group called DB-Admins:
$ aws iam create-group --group-name DB-Admins
{
"Group": {
"Path": "/",
"GroupName": "DB-Admins",
"GroupId": "AGPARX4Y6JA3GYFUH5RA3",
"Arn": "arn:aws:iam::120942965047:group/DB-Admins",
"CreateDate": "2020-05-28T16:59:03Z"
}
}

You can confirm creation by listing available groups:
#aws iam list-groups

Step2: Attach Policy to the group
You can choose to create a new IAM policy that grants or deny access to services or use a pre-defined policy that works for your needs. You can easily get the ARN of a policy by clicking on the policy name and viewing the Summary. Copy the ARN and use it to attach the policy to the IAM user group.

Confirm the changes by listing all the policies attached to the IAM group

Step3: Create an AWS IAM User
Now that we have an IAM group with an attached policy, we can create an IAM user.

Step4: Add User to IAM Group
Add the user to the group for it to inherit permissions added to the group.

Step5: Add additional IAM policy to the user
If you want a user to have specific access to resources, you can attach a policy directly to the user. The policy can be pre-defined or the one you’re creating.
Syntax:
aws iam attach-user-policy
--policy-arn
--user-name Alice




Recent Comments

No comments

Leave a Comment