AWS Identity and Access Management
User Guide

Adding and Removing Users in an IAM Group

Use groups to apply the same permissions policies across multiple users at once. You can then add users to or remove users from an IAM group. This is useful as people enter and leave your organization.

View Policy Access

Before you change the permissions for a policy, you should review its recent service-level activity. This is important because you don't want to remove access from a principal (person or application) who is using it. For more information about viewing service last accessed data, see Reducing Permissions Using Service Last Accessed Data.

Add or Remove a User in a Group (Console)

You can use the AWS Management Console to add or remove a user from a group.

To add a user to an IAM group (console)

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Groups and then choose the name of the group.

  3. Choose the Users tab and then choose Add Users to Group. Select the check box next to the users you want to add.

  4. Choose Add Users.

To remove a user from an IAM group (console)

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Groups and then choose the name of the group.

  3. Choose the Users tab and then choose Remove Users from Group. Select the check box next to the users you want to remove.

  4. Choose Remove Users.

Add or Remove a User in a Group (AWS CLI)

You can use the AWS CLI to add or remove a user from a group.

To add a user to an IAM group (AWS CLI)

To remove a user from an IAM group (AWS CLI)

Add or Remove a User in a Group (AWS API)

You can use the AWS API to add or remove a user in a group.

To add a user to an IAM group (AWS API)

To remove a user from an IAM group (AWS API)