Manage IAM Groups using Python and AWS CLI

In this article, we are going to manage AWS IAM Groups using Python and AWS CLI. IAM Groups are the recommended way to manage AWS permissions for a collection of users. Let us learn how we can master IAM group operations.

Create IAM Group

We can create the IAM group in the following ways in python and AWS CLI.

List All Groups in IAM

We can list all IAM groups in AWS.

We can achieve the same using AWS CLI using the following command

Adding Users to IAM Group

We can add users to the group with Python using the following script.

Using AWS CLI, we can run the following command to add a user to the group.

Listing All users in specific IAM group

Often, we might need to list all users who belong to a particular group. Using Python, we can list users using the following script.

For doing the same in AWS CLI, we need to run the following command.

Removing Users from IAM groups

We can remove users from the IAM group using python using the function below.

Attaching Policies to IAM Group

We can manage permissions for all users in the group with IAM policies. We can attache policy to IAM group and it will affect all users in that group. Let us write a script to attach a policy to the IAM group using Python.

Listing Attached policies to IAM Group

It is easier to manage policies for users at the group level. Any policy attached to that group will be applied to all of its members. We can check all policies attached to that group using the below method

We can do the same thing using AWS CLI as well.

Removing attached policies to IAM group

We can remove the attached policies to IAM groups.

Using AWS CLI, we can run below command

Deleting IAM group

In the last group operation of this article, we are going to learn how to delete the IAM group. Before deleting any group, we need to remove all members from that group and detach all policies attached to that group. Then only we will be able to delete the IAM group.

Conclusion

In this tutorial on AWS IAM, we have gone through how to manage IAM group operations like create, add user, add/remove policy and delete using python and AWS CLI. I hope you have found it useful. See you in the next article, until then keep learning 🙂

Similar Posts