Create AWS IAM users and groups using the AWS CLI

You can download this article in PDF format to support us through the following link.

Download the guide in PDF format

turn off


In this short guide, I will guide you to create AWS IAM users and groups on your AWS account from the command line interface using the following command: AWS CLI. AWS Identity and Access Management (IAM) enables you to securely manage access to AWS services and resources. There are two common methods for creating AWS IAM users.

One method comes from the web console, and the other method uses the AWS CLI to make API calls to AWS. The AWS CLI is a unified tool for managing your AWS services. We provide guidance on how to install the AWS CLI. Please see the link below.

Install and use the AWS CLI on Linux

After detailing the installation and configuration of the AWS CLI in the link, please confirm that it is working well.

$ aws s3 ls
2020-04-04 22:49:47 ami-image-bucket
2019-11-20 18:27:47 mydemo-bucket

These are the actions we will perform in this guide.

  1. Create an IAM group
  2. Attach a policy to a group
  3. Create an AWS IAM user
  4. Set an initial password for the user and force the password change when logging in for the first time
  5. Add user to IAM group
  6. Provide users with other IAM strategies to grant access to services

Step 1: Create an AWS IAM group

The IAM group is a collection of IAM users. With groups, you can assign permissions to multiple users, which makes it easier to manage the permissions of these users.

I will create a file called Database administrator:

$ aws iam create-group --group-name DB-Admins
    "Group": {
        "Path": "/",
        "GroupName": "DB-Admins",
        "GroupId": "AGPARX4Y6JA3GYFUH5RA3",
        "Arn": "arn:aws:iam::120942965047:group/DB-Admins",
        "CreateDate": "2020-05-28T16:59:03Z"

You can confirm the creation by listing the available groups:

$ aws iam list-groups

Step 2: Attach the policy to the group

You can choose to create a new IAM policy that grants or denies access to the service, or use predefined policies that suit your needs.

I will use the database administrator strategy already in the IAM strategy list. Before attaching an existing policy, you need Amazon Resource Name (ARN) The IAM strategy you want to attach.

You can easily obtain the ARN of a policy by clicking on the policy name and viewing the summary.

Copy the ARN and use it to attach the policy to the IAM user group.

aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/IAMUserChangePassword --group-name DB-Admins

aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/job-function/DatabaseAdministrator --group-name DB-Admins

For more details Amazon Resource Name (ARN)

Confirm the change by listing all policies attached to the IAM group:

$ aws iam  list-attached-group-policies --group-name DB-Admins
    "AttachedPolicies": [
            "PolicyName": "DatabaseAdministrator",
            "PolicyArn": "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator"
            "PolicyName": "IAMUserChangePassword",
            "PolicyArn": "arn:aws:iam::aws:policy/IAMUserChangePassword"

Step 3: Create an AWS IAM user

Now that we have an IAM group with additional policies, we can create an IAM user.

aws iam create-user --user-name Alice --tags '{"Key": "Name", "Value": "Alice Karanja"}'

If the user needs to log in to the AWS console, please set a password.

aws iam create-login-profile 
  --user-name Alice 
  --password '3}~L=LMN]KeV3}qZ' 

You can use Strong to generate complex user passwords Random password generator.

Step 4: Add users to the IAM group

Let’s add users to the group to inherit the permissions added to the group.

aws iam add-user-to-group --user-name Alice --group-name  DB-Admins

Step 5: Add other IAM policies to users

If you want a user to have specific access rights to resources, you can attach a policy directly to the user. The strategy can be predefined or the strategy you want to create.


aws iam attach-user-policy 
  --user-name Alice


Related guidelines:

How to rename IAM username on AWS

Recommended Books: The highest rated AWS Cloud certification preparation books

You can download this article in PDF format to support us through the following link.

Download the guide in PDF format

turn off