In this post we will cover using groups to assign permissions to users in AWS. This is the third part on IAM on AWS to protect your account. You can view previous part below.

Use groups to assign permissions in AWS

Lets now expand the section of Groups in our IAM Dashboard and click on Manage Group

Use Groups To Assign Permissions

We can then click on Create New Group

Create New Group

I will create a group named “admin”

Set Group Name

I will now attach the AdministratorAcccess Policy to the group I just created

Attach Group Policy

You can now review the group and the attach policy and continue

IAM Group Review

We can now clean up some items and add the group to the user we previous created so that the user is in the admin group rather than having direct permission to AdminstratorAccess. Click on the newly create admin user

New Group Created Select

We can now click on Add Users to Group to add the previously created user

Add Users To Group

Select the user/users you wish to add to the group.

Select User to Group

Afterwards we will find that the user in now added to the group

User Added To Group

We can now remove the user policy that the user has since the user is already in Admin Group we can revoke the policy of AdministratorAccess, there is no need to have 2 things that mean the same. Click on User and select the policy and click on the right to delete it.

Remove User From Policy

A prompt will show to confirm the detach of policy from the user, click on Detach and the policy will be removed.

Detach Policy


We have covered the forth step in our IAM in AWS on groups to assign permissions to users in AWS. Next we will cover how to Apply an IAM password policy.