AWS Identity and Access Management
User Guide

Renaming an IAM Group

When you change a group's name or path, the following happens:

  • Any policies attached to the group stay with the group under the new name.

  • The group retains all its users under the new name.

  • The unique ID for the group remains the same. For more information about unique IDs, see Unique IDs.

IAM does not automatically update policies that refer to the group as a resource to use the new name, so you must be careful when you rename a group. Before you rename your group, you must manually check all of your policies to find any policies where that group is mentioned by name. For example, let's say Bob is the manager of the testing part of the organization, and he has a policy attached to his IAM user entity that lets him add and remove users from the Test group. If an admin changes the name of the group to Test_1 (or changes the path for the group), the admin also needs to update the policy attached to Bob to use the new name (or new path). Otherwise, Bob won't be able to add and remove users from the group.

To find policies that refer to a group as a resource:

  1. From the navigation pane of the IAM console, choose Policies.

  2. From the Policy type drop-down list, choose Customer managed to filter the policies to show only your custom policies.

  3. Choose the arrow next to each policy name to expand the policy summary.

  4. Choose IAM from the list of services, if it exists.

  5. Look for the name of your group in the Resource column.

  6. Choose Edit policy to change the name of your group in the policy.
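
The same check can be run over exported policy documents. The following is an added example, not part of the AWS guide: it reports every Resource entry that covers the group's current ARN and flags those that will stop matching after the rename. The account ID, policy names and sample documents are constructed, and the function names are hypothetical.

```python
import re

def as_list(value):
    """IAM allows a single value or a list for Statement and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def arn_matches(pattern, arn):
    """Match an ARN against a Resource entry, honouring IAM's * and ? wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, arn) is not None

def find_group_references(policies, old_arn, new_arn):
    """Return Resource entries covering old_arn; flag those that will not cover new_arn."""
    hits = []
    for name, doc in policies.items():
        for stmt in as_list(doc.get("Statement")):
            for res in as_list(stmt.get("Resource")):
                if arn_matches(res, old_arn):
                    hits.append({"policy": name, "resource": res,
                                 "needs_update": not arn_matches(res, new_arn)})
    return hits

# Constructed sample documents (account ID and policy names are placeholders).
OLD = "arn:aws:iam::123456789012:group/Test"
NEW = "arn:aws:iam::123456789012:group/Test_1"
SAMPLE_POLICIES = {
    "BobManageTestGroup": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["iam:AddUserToGroup", "iam:RemoveUserFromGroup"],
        "Resource": OLD}]},
    "GroupAdmins": {"Version": "2012-10-17", "Statement": {  # single statement, not a list
        "Effect": "Allow", "Action": "iam:GetGroup",
        "Resource": "arn:aws:iam::123456789012:group/*"}},
    "S3ReadOnly": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "s3:GetObject",
        "Resource": ["arn:aws:s3:::example-bucket/*"]}]},
}

if __name__ == "__main__":
    for hit in find_group_references(SAMPLE_POLICIES, OLD, NEW):
        status = "UPDATE" if hit["needs_update"] else "still matches"
        print(f'{hit["policy"]}: {hit["resource"]} ({status})')
```

An entry that names the group exactly must be edited, while a wildcard entry such as `group/*` keeps matching after the rename.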

To change the name of an IAM group