AWS CloudFormation
User Guide (API Version 2010-05-15)


The AWS::IAM::User type creates a user.


   "Type": "AWS::IAM::User",
   "Properties": {
      "Groups": [ String, ... ],
      "LoginProfile": LoginProfile Type,
      "ManagedPolicyArns": [ String, ... ],
      "Path": String,
      "Policies": [ Policies, ... ]



A name of a group to which you want to add the user.

Required: No

Type: List of strings

Update requires: No interruption


Creates a login profile so that the user can access the AWS Management Console.

Required: No

Type: IAM User LoginProfile

Update requires: No interruption


One or more managed policy ARNs to attach to this user.

Required: No

Type: List of strings

Update requires: No interruption


The path for the user name. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access Management.

Required: No

Type: String

Update requires: No interruption


The policies to associate with this user. For information about policies, see Overview of Policies in [Using IAM].


If you specify multiple polices, specify unique values for the policy name. If you don't, updates to the IAM user will fail.

Required: No

Type: List of IAM Policies

Update requires: No interruption

Return Values


Specifying this resource ID to the intrinsic Ref function will return the UserName. For example: mystack-myuser-1CCXAFG2H2U4D.

For more information about using the Ref function, see Ref.


Fn::GetAtt returns a value for a specified attribute of this type. This section lists the available attributes and sample return values.


Returns the Amazon Resource Name (ARN) for the specified AWS::IAM::User resource. For example: arn:aws:iam::123456789012:user/mystack-myuser-1CCXAFG2H2U4D.

For more information about using Fn:GetAtt, see Fn::GetAtt.

Template Examples

To view AWS::IAM::User snippets, see: Declaring an IAM User Resource