Demo IAM Groups

Prerequisites
Step 1: Open the IAM Console
Step 2: Create the “HR” Group
Step 3: Create the “IT” Group
Summary of IAM Groups
Links and References

In this tutorial, you’ll learn how to create IAM groups in the AWS Management Console, attach policies, and add existing users. We’ll set up two groups:

HR: Grants access to a specific S3 bucket.
IT: Provides full administrative privileges.

Always follow the principle of least privilege when assigning permissions. Create custom policies scoped to the resources your team actually needs.

Prerequisites

An AWS account with sufficient privileges to manage IAM resources.
Existing IAM users (e.g., John, Sarah).

Step 1: Open the IAM Console

Sign in to the AWS Management Console.
Navigate to Services > Security, Identity, & Compliance > IAM.
In the left pane, select User groups.

You should see a list of your current IAM user groups (if any).

Step 2: Create the “HR” Group

Click Create group.
Enter HR as the Group name.
Under Add users to group, select John.

In Attach managed policies, click Create policy, then paste the JSON below:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "HRPolicy",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::company1-hr-bucket",
        "arn:aws:s3:::company1-hr-bucket/*"
      ]
    }
  ]
}

Review the policy, give it a name like HRPolicy, and attach it to the group.
Click Create group to finalize.

The image shows the AWS Identity and Access Management (IAM) console, specifically the "User groups" section, where an "HR" user group has been created with one user and defined permissions.

Step 3: Create the “IT” Group

Click Create group again.
Enter IT as the Group name.
Select Sarah under Add users to group.
In Attach managed policies, search for and select AdministratorAccess.
Click Create group.

The IT group will now have full AWS administrative access.

The image shows the AWS Identity and Access Management (IAM) console, displaying user groups with two groups named "HR" and "IT," each having one user and defined permissions.

Summary of IAM Groups

Group	User	Policy	Access Scope
HR	John	HRPolicy	`company1-hr-bucket` S3 bucket
IT	Sarah	AdministratorAccess	Full AWS services and resource control

Links and References

Review and regularly audit your IAM policies to ensure compliance and security.

Watch Video

Practice Lab

AWS CLI and SDK

IAM Policies and Permissions

⌘I

Introduction

Introduction to AWS Identity and Access Management

IAM Policies Federation STS and MFA

Configure AWSIAM at Scale

Prerequisites

Step 1: Open the IAM Console

Step 2: Create the “HR” Group

Step 3: Create the “IT” Group

Summary of IAM Groups

Links and References

Watch Video

Practice Lab

Introduction

Introduction to AWS Identity and Access Management

IAM Policies Federation STS and MFA

Configure AWSIAM at Scale

​Prerequisites

​Step 1: Open the IAM Console

​Step 2: Create the “HR” Group

​Step 3: Create the “IT” Group

​Summary of IAM Groups

​Links and References

Watch Video

Practice Lab

Prerequisites

Step 1: Open the IAM Console

Step 2: Create the “HR” Group

Step 3: Create the “IT” Group

Summary of IAM Groups

Links and References