AWS CloudFormation
User Guide (API Version 2010-05-15)


The AWS::IAM::Group type creates an Identity and Access Management (IAM) group.

This type supports updates. For more information about updating stacks, see AWS CloudFormation Stacks Updates.


   "Type": "AWS::IAM::Group",
   "Properties": {
      "ManagedPolicyArns": [ String, ... ],
      "Path": String,
      "Policies": [ Policies, ... ]



One or more managed policy ARNs to attach to this group.

Required: No

Type: List of strings

Update requires: No interruption


The path to the group. For more information about paths, see Identifiers for IAM Entities in Using IAM.

Required: No

Type: String

Update requires: No interruption


The policies to associate with this group. For information about policies, see Overview of Policies in Using IAM.

Required: No

Type: List of IAM Policies

Update requires: No interruption

Return Values


Specifying this resource ID to the intrinsic Ref function will return the GroupName. For example: mystack-mygroup-1DZETITOWEKVO.

For more information about using the Ref function, see Ref.


Fn::GetAtt returns a value for a specified attribute of this type. This section lists the available attributes and sample return values.


Returns the Amazon Resource Name (ARN) for the AWS::IAM::Group resource. For example: arn:aws:iam::123456789012:group/mystack-mygroup-1DZETITOWEKVO.

For more information about using Fn:GetAtt, see Fn::GetAtt.

Template Examples

To view AWS::IAM::Group snippets, see Declaring an IAM Group Resource