AWS IAM: Groups - Create Group with Administrator Access

Now imagine a situation where you have 100-200 users in your cloud team, and each one is assigned to use a specific AWS service. It is also possible that multiple users can access the same AWS service, and that some users are given access to more than one AWS service.

How can we manage this situation easily? We can 1) assign rights to individual users, or 2) create multiple groups and assign permissions to the groups rather than to individual users.

The second approach is easier to manage than the first. With group-wise permissions, it is easy to modify the permissions of a group, and the change is automatically applied to hundreds of users. We save ourselves from managing the rights of individual users.

Another scenario: let's assume we want to make 10 of our users Administrators. Rather than assigning admin rights to each of them individually, we can create an Admin group, assign Administrator access to that group, and add the 10 users to it.

Simple, isn't it?

So, how do we create groups?

In the left sidebar, click on "Groups". Select Create New Group as shown in the figure below.

The first step is to specify a Group Name of up to 128 characters; it can be edited at any time. Click on Next Step.
The second step is to attach a policy to the group. In our case, let's select the AdministratorAccess policy and click on Next Step.
In Step 3, review the group name and policy details and click on Create Group.
Now, in the Groups section of the AWS dashboard, we can see the new group. However, notice that there are no users in the group yet.
To add users created in AWS IAM, select the group, click on the Group Actions button and select "Add Users to Group".
Now select the users we want to make Administrators for this AWS account from the list of users and click on "Add Users".
Now, in the Groups section of the AWS dashboard, check the Users column: it shows two users.
Open the customized IAM sign-in link and provide the username and password we configured recently. The IAM users can now log in and perform operations in the AWS Management Console, as we have given them Administrator Access.
Go to the IAM section from Services in the AWS Management Console. Notice the third green signal for "Use Groups to assign permissions".
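Once the group is in place, it is worth checking that Administrator access really comes only from the group and not from policies attached to individual users. The script below is an added example, not part of the original post: it assumes input shaped like the output of `aws iam get-account-authorization-details`, and the user and group names in the sample data are constructed for illustration.

```python
# Audit who holds AdministratorAccess, and whether it comes from a group or from
# a policy attached directly to the user (get-account-authorization-details shape).
ADMIN_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"

# Constructed sample data (user and group names are made up for illustration).
SAMPLE = {
    "GroupDetailList": [
        {"GroupName": "Admins",
         "AttachedManagedPolicies": [
             {"PolicyName": "AdministratorAccess", "PolicyArn": ADMIN_ARN}]},
        {"GroupName": "S3Team",
         "AttachedManagedPolicies": [
             {"PolicyName": "AmazonS3FullAccess",
              "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"}]},
    ],
    "UserDetailList": [
        {"UserName": "alice", "GroupList": ["Admins"], "AttachedManagedPolicies": []},
        {"UserName": "bob", "GroupList": ["Admins", "S3Team"], "AttachedManagedPolicies": []},
        {"UserName": "carol", "GroupList": ["S3Team"],
         "AttachedManagedPolicies": [
             {"PolicyName": "AdministratorAccess", "PolicyArn": ADMIN_ARN}]},
        {"UserName": "dave", "GroupList": ["S3Team"], "AttachedManagedPolicies": []},
    ],
}


def _has_admin(entity):
    """True if the AdministratorAccess managed policy is attached to the entity."""
    return any(p.get("PolicyArn") == ADMIN_ARN
               for p in entity.get("AttachedManagedPolicies", []))


def audit_admins(details):
    """Return {user: {"via_groups": [...], "direct": bool}} for every admin user."""
    admin_groups = {g["GroupName"] for g in details.get("GroupDetailList", [])
                    if _has_admin(g)}
    report = {}
    for user in details.get("UserDetailList", []):
        via = sorted(admin_groups.intersection(user.get("GroupList", [])))
        direct = _has_admin(user)
        if via or direct:
            report[user["UserName"]] = {"via_groups": via, "direct": direct}
    return report


if __name__ == "__main__":
    for name, info in sorted(audit_admins(SAMPLE).items()):
        print(name, "groups:", info["via_groups"], "direct:", info["direct"])
```

A user reported with "direct: True" received Administrator access outside the group and should be moved into it. The check matches only the AdministratorAccess managed policy, so inline or custom policies granting equivalent rights need a separate review.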

