In this post we will cover using groups to assign permissions to users in AWS. This is the third part on IAM on AWS to protect your account. You can view previous part below.
Use groups to assign permissions in AWS
Lets now expand the section of Groups in our IAM Dashboard and click on Manage Group
Use Groups To Assign Permissions
We can then click on Create New Group
Create New Group
I will create a group named “admin”
Set Group Name
I will now attach the AdministratorAcccess Policy to the group I just created
Attach Group Policy
You can now review the group and the attach policy and continue
IAM Group Review
We can now clean up some items and add the group to the user we previous created so that the user is in the admin group rather than having direct permission to AdminstratorAccess. Click on the newly create admin user
New Group Created Select
We can now click on Add Users to Group to add the previously created user
Add Users To Group
Select the user/users you wish to add to the group.
Select User to Group
Afterwards we will find that the user in now added to the group
User Added To Group
We can now remove the user policy that the user has since the user is already in Admin Group we can revoke the policy of AdministratorAccess, there is no need to have 2 things that mean the same. Click on User and select the policy and click on the right to delete it.
Remove User From Policy
A prompt will show to confirm the detach of policy from the user, click on Detach and the policy will be removed.
Detach Policy
Summary
We have covered the forth step in our IAM in AWS on groups to assign permissions to users in AWS. Next we will cover how to Apply an IAM password policy.