In this post we will cover using groups to assign permissions to users in AWS. This is the third part on IAM on AWS to protect your account. You can view previous part below.
Use groups to assign permissions in AWS
Lets now expand the section of Groups in our IAM Dashboard and click on Manage Group
We can then click on Create New Group
I will create a group named “admin”
I will now attach the AdministratorAcccess Policy to the group I just created
You can now review the group and the attach policy and continue
We can now clean up some items and add the group to the user we previous created so that the user is in the admin group rather than having direct permission to AdminstratorAccess. Click on the newly create admin user
We can now click on Add Users to Group to add the previously created user
Select the user/users you wish to add to the group.
Afterwards we will find that the user in now added to the group
We can now remove the user policy that the user has since the user is already in Admin Group we can revoke the policy of AdministratorAccess, there is no need to have 2 things that mean the same. Click on User and select the policy and click on the right to delete it.
A prompt will show to confirm the detach of policy from the user, click on Detach and the policy will be removed.
Summary
We have covered the forth step in our IAM in AWS on groups to assign permissions to users in AWS. Next we will cover how to Apply an IAM password policy.