Identity and Access Management
The command below lists all users...
aws iam list-users --output table
The command below lists all groups...
aws iam list-groups --output table
The command below shows which groups a specified user belongs to...
aws iam list-groups-for-user --output table --user-name myuser
The command below lists all policies...
aws iam list-policies --output table
The commands below help you discover which policies apply to a specified user or group...
aws iam list-user-policies --output table --user-name myuser
aws iam list-attached-group-policies --output table --group-name mygroup
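The two commands above cover only a user's inline policies and a group's attached managed policies. As an added example (not part of the original page), the function below walks all four identity-based sources for one user; the helper names iam_values, label and user_effective_policies are made up for this example.

```sh
# Added example: list every identity-based policy that reaches one IAM user.
# Assumes the AWS CLI is configured with permission for the iam:List* calls used.

# Run an `aws iam` list call and print one result per line.
# --output text separates list items with tabs; an empty result
# prints nothing or the word "None", and both are dropped here.
iam_values() {
    aws iam "$@" --output text </dev/null | tr '\t' '\n' | sed '/^$/d; /^None$/d'
}

# Prefix each input line with its source label, tab-separated.
label() {
    awk -v src="$1" '{ print src "\t" $0 }'
}

# Print "<source><TAB><policy name or ARN>" for the given user.
# The body runs in a subshell so its variables do not leak to the caller.
user_effective_policies() (
    user=$1

    # Inline policies embedded directly in the user.
    iam_values list-user-policies --user-name "$user" \
        --query 'PolicyNames[]' | label "user-inline"

    # Managed policies attached directly to the user.
    iam_values list-attached-user-policies --user-name "$user" \
        --query 'AttachedPolicies[].PolicyArn' | label "user-attached"

    # Policies inherited through each group the user belongs to.
    iam_values list-groups-for-user --user-name "$user" \
        --query 'Groups[].GroupName' |
    while IFS= read -r group; do
        iam_values list-group-policies --group-name "$group" \
            --query 'PolicyNames[]' | label "group-inline:$group"
        iam_values list-attached-group-policies --group-name "$group" \
            --query 'AttachedPolicies[].PolicyArn' | label "group-attached:$group"
    done
)
```

Call it as `user_effective_policies myuser`. Permissions boundaries and organization-level service control policies are not included in the output.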
This is the password policy that applies to the entire AWS account. All IAM users will have this policy enforced.
aws iam get-account-password-policy --output table
aws iam update-account-password-policy \
--minimum-password-length 15 \
--require-symbols \
--require-numbers \
--require-uppercase-characters \
--require-lowercase-characters \
--allow-users-to-change-password \
--max-password-age 90 \
--password-reuse-prevention 6 \
--hard-expiry
The update command above will create a password policy if one does not already exist.
Create User...
aws iam create-user --user-name myuser
Add User to a Group...
aws iam add-user-to-group --group-name mygroup --user-name myuser
Log in to the IAM console as root.
On the navigation bar, choose your account name, and then choose My Account.
Next to IAM User and Role Access to Billing Information, choose Edit.
Select the check box to Activate IAM Access and choose Update.
Return to the AWS IAM console.
In the navigation pane, choose Users and then choose Add user.
Add user to group.
Create group.
Best practice suggests groups for such functions as Administrators, Developers, Accounting, etc.
For Administrators... Select the check box for the AdministratorAccess policy.
Choose Create group.
Back on the page with the list of groups, select the check box for your new group. Choose Refresh if you don't see the new group in the list.
Choose Next: Tags.
Optional