Creating IAM user groups - AWS Identity and Access Management

Creating IAM user groups

To set up a user group, you need to create the group. Then give the group permissions based on the type of work that you expect the users in the group to do. Finally, add users to the group.

For information about the permissions that you need in order to create a user group, see Permissions required to access IAM resources.

To create an IAM user group and attach policies (console)

  1. Sign in to the AWS Management Console and open the IAM console at

  2. In the navigation pane, choose User groups and then choose Create group.

  3. For User group name, type the name of the group.


    The number and size of IAM resources in an AWS account are limited. For more information, see IAM and AWS STS quotas, name requirements, and character limits. Group names can be a combination of up to 128 letters, digits, and these characters: plus (+), equal (=), comma (,), period (.), at sign (@), underscore (_), and hyphen (-). Names must be unique within an account. They are not distinguished by case. For example, you cannot create groups named both ADMINS and admins.

  4. In the list of users, select the check box for each user that you want to add to the group.

  5. In the list of policies, select the check box for each policy that you want to apply to all members of the group.

  6. Choose Create group.

For an example of how to set up an Administrators user group, see Creating your first IAM admin user and user group.

To create IAM user groups (AWS CLI or AWS API)

Use one of the following: