Creating IAM users and groups
This topic describes how to use Amazon Command Line Interface (Amazon CLI) commands to create an Amazon Identity and Access Management (IAM) group and a new user, and then add the user to the group. For more information on the IAM service, see the Amazon Identity and Access Management User Guide.
Before you run any commands, set your default credentials. For more information, see Configuring the Amazon CLI.
To create a group and add a new user to it
-
Use the
create-groupcommand to create the group. $aws iam create-group --group-nameMyIamGroup{ "Group": { "GroupName": "MyIamGroup", "CreateDate": "2018-12-14T03:03:52.834Z", "GroupId": "AGPAJNUJ2W4IJVEXAMPLE", "Arn": "arn:aws-cn:iam::123456789012:group/MyIamGroup", "Path": "/" } } -
Use the
create-usercommand to create the user. $aws iam create-user --user-nameMyUser{ "User": { "UserName": "MyUser", "Path": "/", "CreateDate": "2018-12-14T03:13:02.581Z", "UserId": "AIDAJY2PE5XUZ4EXAMPLE", "Arn": "arn:aws-cn:iam::123456789012:user/MyUser" } } -
Use the
add-user-to-groupcommand to add the user to the group. $aws iam add-user-to-group --user-nameMyUser--group-nameMyIamGroup -
To verify that the
MyIamGroupgroup contains theMyUser, use theget-groupcommand. $aws iam get-group --group-nameMyIamGroup{ "Group": { "GroupName": "MyIamGroup", "CreateDate": "2018-12-14T03:03:52Z", "GroupId": "AGPAJNUJ2W4IJVEXAMPLE", "Arn": "arn:aws-cn:iam::123456789012:group/MyIamGroup", "Path": "/" }, "Users": [ { "UserName": "MyUser", "Path": "/", "CreateDate": "2018-12-14T03:13:02Z", "UserId": "AIDAJY2PE5XUZ4EXAMPLE", "Arn": "arn:aws-cn:iam::123456789012:user/MyUser" } ], "IsTruncated": "false" }