
Operations Descriptions and Examples

This section provides in-depth descriptions of each operation, empowering you to harness the full potential of IAM in effectively managing access and permissions within your system.

Users and Groups management

Users management

  • create-user: Create a new user in IAM with the specified parameters.
  • create-login-profile: Create a password for an IAM user.
  • delete-user: Delete an existing user from IAM.
  • list-users: Retrieve a list of all users in IAM.
aws iam create-user --user-name "[email protected]" --endpoint-url https:// --region us-west-1 --profile=aws
aws iam create-login-profile --user-name "[email protected]" --password 'Y0urP@Ssw0rd!' --endpoint-url --region us-west-1 --profile=aws
aws iam delete-user --user-name "[email protected]" --endpoint-url --region us-west-1 --profile=aws
aws iam list-users --endpoint-url --region us-west-1 --profile=aws

Groups management

  • create-group: Create a new group in IAM with the given attributes.
  • delete-group: Delete an existing group from IAM.
  • list-groups: Retrieve a list of all groups in IAM.
  • get-group: Retrieve detailed information about a specific group in IAM.
aws iam create-group --group-name your_group_name --endpoint-url --region us-west-1 --profile=aws
aws iam delete-group --group-name your_group_name --endpoint-url --region us-west-1 --profile=aws
aws iam list-groups --endpoint-url --region us-west-1 --profile=aws
aws iam get-group --group-name your_group_name --endpoint-url --region us-west-1 --profile=aws

Users and groups advanced operations

  • add-user-to-group: Add a user to a specific group in IAM.
  • remove-user-from-group: Remove a user from a specific group in IAM.
  • list-groups-for-user: Retrieve a list of groups associated with a particular user.
aws iam add-user-to-group --user-name "[email protected]" --group-name your_group_name --endpoint-url --region us-west-1 --profile=aws
aws iam remove-user-from-group --user-name "[email protected]" --group-name your_group_name --endpoint-url --region us-west-1 --profile=aws
aws iam list-groups-for-user --user-name "[email protected]" --endpoint-url --region us-west-1 --profile=aws

Access keys management

  • create-access-key: Generate a new access key for an IAM user.
  • list-access-keys: Retrieve a list of access keys associated with an IAM user.
  • delete-access-key: Delete an access key associated with an IAM user.
aws iam create-access-key --user-name "[email protected]" --endpoint-url --region us-west-1 --profile=aws
aws iam list-access-keys --user-name "[email protected]" --endpoint-url --region us-west-1 --profile=aws
aws iam delete-access-key --user-name "[email protected]" --access-key-id "your access key id" --endpoint-url --region us-west-1 --profile=aws
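
A rotation check built on list-access-keys and delete-access-key, as an added example that is not part of the original page. The function names, the key IDs, the user name and the endpoint placeholder are constructed, and it assumes the service returns Status and CreateDate for each key as AWS IAM does.

```shell
#!/bin/sh
# Added example: plan deletion of stale access keys without locking a user out.
# Connection flags shared by every command on this page (endpoint is a placeholder).
IAM_FLAGS="--endpoint-url ${IAM_ENDPOINT:-https://iam.example.invalid} --region us-west-1 --profile=aws"

# Constructed sample of the tab-separated output of:
#   aws iam list-access-keys --user-name USER $IAM_FLAGS \
#     --query 'AccessKeyMetadata[].[AccessKeyId,Status,CreateDate]' --output text
sample_keys() {
  printf 'EXAMPLE-OLD-KEY-ID\tActive\t2023-01-15T10:00:00Z\n'
  printf 'EXAMPLE-NEW-KEY-ID\tActive\t2024-05-02T08:30:00Z\n'
  printf 'EXAMPLE-OFF-KEY-ID\tInactive\t2022-03-09T12:00:00Z\n'
}

# Read key rows on stdin and print one delete-access-key command per active
# key created before the cutoff date (YYYY-MM-DD). If every active key is
# stale, print a reminder instead: deleting them all would cut the user off.
rotation_plan() {  # usage: rotation_plan <user> <cutoff>
  awk -F '\t' -v user="$1" -v cutoff="$2" -v flags="$IAM_FLAGS" '
    $2 == "Active" {
      active++
      # ISO 8601 dates compare correctly as plain strings.
      if (substr($3, 1, 10) < cutoff) stale[++n] = $1
    }
    END {
      if (n > 0 && n == active) {
        print "# all active keys are stale: run create-access-key, switch clients, then re-run"
        exit
      }
      for (i = 1; i <= n; i++)
        printf "aws iam delete-access-key --user-name \"%s\" --access-key-id \"%s\" %s\n", user, stale[i], flags
    }'
}

# Prints the commands only; review them before running any.
sample_keys | rotation_plan "user@example.com" 2024-01-01
```

Against a live endpoint, pipe the list-access-keys command shown in the comment into rotation_plan in place of sample_keys.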

Policies management

Policies: basic operations

  • create-policy: Create a new policy in IAM with the specified permissions.
    When creating a policy, you have two options for specifying the policy document. You can either include the policy directly in the command using the "--policy-document" parameter, or you can create a separate JSON file (e.g., policy.json) containing the policy and use the "--policy-document file://policy.json" format, where file://policy.json is the local path to your policy.json file.
    Policy versions are not supported. Please use "--version-id 1" for the get-policy-version subcommand.
    Please also be aware of the limitations.
  • delete-policy: Delete an existing policy from IAM.
  • get-policy-version: Retrieve full information about a specific version of a policy in IAM.
  • list-policies: Retrieve a list of all policies in IAM.
  • get-policy: Retrieve information about a specific policy in IAM.
create-policy: command
aws iam create-policy --policy-name your_policy_name --policy-document '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"], "Resource": ["arn:aws:s3:::bucket_name/*"]}]}' --endpoint-url --region us-west-1 --profile=aws
create-policy: json file
aws iam create-policy --policy-name your_policy_name --policy-document file://policy.json --endpoint-url --region us-west-1 --profile=aws
aws iam delete-policy --policy-arn arn:ipcld:iam::YourCanonicalID:policy/your_policy_name --endpoint-url --region us-west-1 --profile=aws
aws iam get-policy-version --policy-arn="arn:ipcld:iam::YourCanonicalID:policy/your_policy_name" --version-id 1 --endpoint-url --region us-west-1 --profile=aws
aws iam list-policies --endpoint-url --region us-west-1 --profile=aws
aws iam get-policy --policy-arn="arn:ipcld:iam::YourCanonicalID:policy/your_policy_name" --endpoint-url --region us-west-1 --profile=aws

Policies: advanced operations

  • attach-group-policy: Attach a policy to a specific group in IAM.
  • detach-group-policy: Detach a policy from a specific group in IAM.
  • list-attached-group-policies: Retrieve a list of policies attached to a specific group in IAM.
aws iam attach-group-policy --group-name your_group_name --policy-arn arn:ipcld:iam::YourCanonicalID:policy/your_policy_name --endpoint-url --region us-west-1 --profile=aws
aws iam detach-group-policy --group-name your_group_name --policy-arn arn:ipcld:iam::YourCanonicalID:policy/your_policy_name --endpoint-url --region us-west-1 --profile=aws
aws iam list-attached-group-policies --group-name your_group_name --endpoint-url --region us-west-1 --profile=aws
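
The operations above chained into one grant, policy to group to user, as an added example that is not part of the original page. The iam wrapper, the DRY_RUN switch, the function names, the endpoint placeholder and the user name are hypothetical; the policy body and ARN format are the ones shown in this section.

```shell
#!/bin/sh
# Added example: give one user bucket access through a group, using only
# subcommands documented on this page.
set -eu

IAM_ENDPOINT="${IAM_ENDPOINT:-https://iam.example.invalid}"  # placeholder endpoint
IAM_REGION="${IAM_REGION:-us-west-1}"
IAM_PROFILE="${IAM_PROFILE:-aws}"
DRY_RUN="${DRY_RUN:-1}"  # 1 = print the commands only, 0 = execute them

# Run (or print) one "aws iam" call with the shared connection flags appended.
iam() {
  set -- aws iam "$@" --endpoint-url "$IAM_ENDPOINT" --region "$IAM_REGION" --profile="$IAM_PROFILE"
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Write a policy document scoped to three object actions on a single bucket.
write_policy() {  # usage: write_policy <bucket> <file>
  cat > "$2" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"],
    "Resource": ["arn:aws:s3:::$1/*"]
  }]
}
EOF
}

# Permissions are attached to the group; the user inherits them by membership.
grant_bucket_access() {  # usage: <user> <group> <policy> <bucket> <canonical-id>
  write_policy "$4" policy.json
  iam create-policy --policy-name "$3" --policy-document file://policy.json
  iam create-group --group-name "$2"
  iam attach-group-policy --group-name "$2" --policy-arn "arn:ipcld:iam::$5:policy/$3"
  iam create-user --user-name "$1"
  iam add-user-to-group --user-name "$1" --group-name "$2"
  # Final read-back so the attachment can be confirmed.
  iam list-attached-group-policies --group-name "$2"
}

grant_bucket_access "user@example.com" your_group_name your_policy_name bucket_name YourCanonicalID
```

With DRY_RUN left at 1 the script only writes policy.json and prints the six commands, so the sequence can be reviewed before it is run with DRY_RUN=0.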