Creating IAM groups - AWS Identity and Access Management

Creating IAM groups

To set up a group, you need to create the group. Then give the group permissions based on the type of work that you expect the users in the group to do. Finally, add users to the group.

For information about the permissions that you need in order to create a group, see Permissions required to access IAM resources.

To create an IAM group and attach policies (console)

  1. Sign in to the AWS Management Console and open the IAM console at

  2. In the navigation pane, click Groups and then click Create New Group.

  3. In the Group Name box, type the name of the group and then click Next Step.


    The number and size of IAM resources in an AWS account are limited. For more information, see IAM and STS quotas. Group names can be a combination of up to 64 letters, digits, and these characters: plus (+), equal (=), comma (,), period (.), at sign (@), underscore (_), and hyphen (-). Names must be unique within an account. They are not distinguished by case. For example, you cannot create groups named both ADMINS and admins.

  4. In the list of policies, select the check box for each policy that you want to apply to all members of the group. Then click Next Step.

  5. Click Create Group.

For an example of how to set up an Administrators group, see Creating your first IAM admin user and group.

To create IAM groups (AWS CLI or AWS API)

Use one of the following: