This guide is part of the Amazon Web Services Essentials tutorial and walks you through creating a new IAM user group.
Version Notes: Created on October 8, 2023.
Getting Started
User groups control which services different users can access. In this tutorial, we will create a group that has the same access as the root user. This is not ideal; it is recommended that your user groups have more limited permissions.
To begin, search for IAM in the search field at the top of the page and click on the IAM Service. Note that if you click the star beside IAM, it will add it to the top of your console as a favorite. This will be helpful as you use certain services repeatedly.
User Groups
From the IAM Dashboard, note the list of Access management options on the left.
Click User groups.
Create Group
You are presented with a list of all user groups for your account. This is a new account so there are no groups.
For the purposes of this tutorial, I will only be discussing the Authenticator App option.
Click Create group.
Create User Group
User group name: Enter a name for this user group. This can be anything you wish, but you cannot use spaces. Make sure it is descriptive.
For our purposes, we will attach a policy to the group that indicates what permissions this group has. Any user that is a member of this group will have the permissions indicated by the policy.
You can see that there are many policies to choose from. When you create groups for your environments, you will want to choose only those policies that are needed for that specific group. Grant only the permissions that are needed for those users and no more.
This is a test environment where we are simply demonstrating the functionality, so we will grant this group the same permissions as the root user. These are contained within the AdministratorAccess policy.
Check the box beside the AdministratorAccess policy.
Click Create group.
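The advice above to grant only the permissions a group needs can be checked mechanically before a policy is attached. The following Python sketch is an added example, not part of the original tutorial: it audits IAM policy documents for Allow statements that are administrator-equivalent or service-wide. All three sample documents are constructed, and the function names and the bucket name are hypothetical.

```python
# Constructed samples. ADMIN_DOC has the same shape as the statement in the
# AdministratorAccess managed policy; the other two are hypothetical policies.
ADMIN_DOC = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCOPED_DOC = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket",
                 "arn:aws:s3:::example-bucket/*"]}}
SERVICE_WIDE_DOC = {"Version": "2012-10-17", "Statement": [
    {"Sid": "IamEverything", "Effect": "Allow",
     "Action": ["iam:*", "ec2:DescribeInstances"], "Resource": "*"}]}


def _as_list(value):
    """IAM accepts a single string or object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(doc):
    """Return (severity, message) findings for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid", f"statement {i}")
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append(("HIGH", f"{label}: Allow with NotAction"))
            continue
        actions = _as_list(stmt.get("Action"))
        if "*" not in _as_list(stmt.get("Resource")):
            continue  # resource-scoped statement, not flagged here
        if "*" in actions:
            findings.append(("CRITICAL", f"{label}: Action * on Resource *"))
            continue
        for action in actions:
            if action.endswith(":*"):
                service = action[:-2]
                findings.append(
                    ("HIGH", f"{label}: every {service} action on all resources"))
    return findings


if __name__ == "__main__":
    for name, doc in [("admin", ADMIN_DOC), ("scoped", SCOPED_DOC),
                      ("service-wide", SERVICE_WIDE_DOC)]:
        print(name, audit_policy(doc) or "no findings")
```
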
All Done
This user group is now available. We will use it later when we create an IAM user.
You may return to the Amazon Web Services Essentials tutorial for the additional steps.