AWS CloudFormation
User Guide (API Version 2010-05-15)
Did this page help you?  Yes | No |  Tell us about it...
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.


The AWS::IAM::User type creates a user.


   "Type": "AWS::IAM::User",
   "Properties": {
      "Groups": [ String, ... ],
      "LoginProfile": LoginProfile Type,
      "ManagedPolicyArns": [ String, ... ],
      "Path": String,
      "Policies": [ Policies, ... ]



A name of a group to which you want to add the user.

Required: No

Type: List of strings

Update requires: No interruption


Creates a login profile so that the user can access the AWS Management Console.

Required: No

Type: IAM User LoginProfile

Update requires: No interruption


One or more managed policy ARNs to attach to this user.

Required: No

Type: List of strings

Update requires: No interruption


The path for the user name. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access Management.

Required: No

Type: String

Update requires: No interruption


The policies to associate with this user. For information about policies, see Overview of Policies in [Using IAM].

Required: No

Type: List of IAM Policies

Update requires: No interruption

Return Values


Specifying this resource ID to the intrinsic Ref function will return the UserName. For example: mystack-myuser-1CCXAFG2H2U4D.

For more information about using the Ref function, see Ref.


Fn::GetAtt returns a value for a specified attribute of this type. This section lists the available attributes and corresponding return values.


Returns the Amazon Resource Name (ARN) for the specified AWS::IAM::User resource. For example: arn:aws:iam::123456789012:user/mystack-myuser-1CCXAFG2H2U4D.

For more information about using Fn:GetAtt, see Fn::GetAtt.

Template Examples

To view AWS::IAM::User snippets, see: Declaring an IAM User Resource