# Operations Descriptions and Examples

This section describes each supported IAM operation and gives an example AWS CLI command for it, so you can manage access and permissions within your system.

## Users and Groups management

### Users management

* create-user: Create a new user in IAM with the specified parameters.
* create-login-profile: Create a password for an IAM user.
* delete-user: Delete an existing user from IAM.
* list-users: Retrieve a list of all users in IAM.

{% tabs %}
{% tab title="create-user" %}
```
aws iam create-user --user-name "youruser@yourdomain.com" --endpoint-url https://iam.impossibleapi.net/ --profile aws
```
{% endtab %}

{% tab title="create-login-profile" %}
```
aws iam create-login-profile --user-name "youruser@yourdomain.com" --password 'Y0urP@Ssw0rd!' --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="delete-user" %}
```
aws iam delete-user --user-name "youruser@yourdomain.com" --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="list-users" %}
```
aws iam list-users --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}
{% endtabs %}

### Groups management

* create-group: Create a new group in IAM with the given attributes.
* delete-group: Delete an existing group from IAM.
* list-groups: Retrieve a list of all groups in IAM.
* get-group: Retrieve detailed information about a specific group in IAM.

{% tabs %}
{% tab title="create-group" %}
```
aws iam create-group --group-name your_group_name --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="delete-group" %}
```
aws iam delete-group --group-name your_group_name --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="list-groups" %}
```
aws iam list-groups --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="get-group" %}
```
aws iam get-group --group-name your_group_name --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}
{% endtabs %}

### Users and groups advanced operations

* add-user-to-group: Add a user to a specific group in IAM.
* remove-user-from-group: Remove a user from a specific group in IAM.
* list-groups-for-user: Retrieve a list of groups associated with a particular user.

{% tabs %}
{% tab title="add-user-to-group" %}
```
aws iam add-user-to-group --user-name "youruser@yourdomain.com" --group-name your_group_name --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="remove-user-from-group" %}
```
aws iam remove-user-from-group --user-name "youruser@yourdomain.com" --group-name your_group_name --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="list-groups-for-user" %}
```
aws iam list-groups-for-user --user-name "youruser@yourdomain.com" --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}
{% endtabs %}

## Access keys management

* create-access-key: Generate a new access key for an IAM user.
* list-access-keys: Retrieve a list of access keys associated with an IAM user.
* delete-access-key: Delete an access key associated with an IAM user.

{% tabs %}
{% tab title="create-access-key" %}
```
aws iam create-access-key --user-name "youruser@yourdomain.com" --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="list-access-keys" %}
```
aws iam list-access-keys --user-name "youruser@yourdomain.com" --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="delete-access-key" %}
```
aws iam delete-access-key --user-name "youruser@yourdomain.com" --access-key-id "your access key id" --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}
{% endtabs %}

## Policies management

### Policies: basic operations

* create-policy: Create a new policy in IAM with the specified permissions.

{% hint style="warning" %}
When creating a policy, you have two options for specifying the policy document. You can either include the policy directly in the command using the "**--policy-document**" parameter, or you can create a separate JSON file (e.g., policy.json) containing the policy and use the "**--policy-document file://policy.json**" format where **file://policy.json** is the local path to your **policy.json** file.

Policy versions are not supported. Please use "--version-id 1" for the **get-policy-version** subcommand.

Please also be aware of the [limitations](broken://pages/0Yq2gQJ0ZnzeX328Qc2O).
{% endhint %}

* delete-policy: Delete an existing policy from IAM.
* get-policy-version: Retrieve full information about a specific version of a policy in IAM.
* list-policies: Retrieve a list of all policies in IAM.
* get-policy: Retrieve information about a specific policy in IAM.

{% tabs %}
{% tab title="create-policy: command" %}
```
aws iam create-policy --policy-name your_policy_name --policy-document '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"], "Resource": ["arn:aws:s3:::bucket_name/*"]}]}' --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="create-policy: json file" %}
```
aws iam create-policy --policy-name your_policy_name --policy-document file://policy.json --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="delete-policy" %}
```
aws iam delete-policy --policy-arn arn:ipcld:iam::YourCanonicalID:policy/your_policy_name --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="get-policy-version" %}
```
aws iam get-policy-version --policy-arn="arn:ipcld:iam::YourCanonicalID:policy/your_policy_name" --version-id 1 --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="list-policies" %}
```
aws iam list-policies --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="get-policy" %}
```
aws iam get-policy --policy-arn="arn:ipcld:iam::YourCanonicalID:policy/your_policy_name" --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}
{% endtabs %}

{% hint style="info" %}
[How to retrieve your CanonicalID.](broken://pages/y3flD8vEI9xyCCvoCZMP)
{% endhint %}

### Policies: advanced operations

* attach-group-policy: Attach a policy to a specific group in IAM.
* detach-group-policy: Detach a policy from a specific group in IAM.
* list-attached-group-policies: Retrieve a list of policies attached to a specific group in IAM.

{% tabs %}
{% tab title="attach-group-policy" %}
```
aws iam attach-group-policy --group-name your_group_name --policy-arn arn:ipcld:iam::YourCanonicalID:policy/your_policy_name --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="detach-group-policy" %}
```
aws iam detach-group-policy --group-name your_group_name --policy-arn arn:ipcld:iam::YourCanonicalID:policy/your_policy_name --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}

{% tab title="list-attached-group-policies" %}
```
aws iam list-attached-group-policies --group-name your_group_name --endpoint-url https://iam.impossibleapi.net --profile aws
```
{% endtab %}
{% endtabs %}
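
The group, policy and membership commands above combine into one scoped grant: a policy limited to a single bucket, attached to a group, with the user added to that group rather than given permissions directly. The script below is an added example, not part of the original documentation; the function names, the `IAM_PROFILE` variable and the bucket-name check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: function names, IAM_PROFILE and sample values are assumptions.
IAM_ENDPOINT="https://iam.impossibleapi.net"
IAM_PROFILE="${IAM_PROFILE:-aws}"

# Wrapper so every call carries the endpoint and profile used on this page.
iam() { aws iam "$@" --endpoint-url "$IAM_ENDPOINT" --profile "$IAM_PROFILE"; }

# Policy ARN in the form shown in the delete-policy and attach-group-policy tabs.
policy_arn() { printf 'arn:ipcld:iam::%s:policy/%s' "$1" "$2"; }

# Emit a policy document limited to objects in one bucket.
# The name is restricted to [a-z0-9.-] so it cannot break out of the JSON string
# or widen the Resource with a wildcard.
bucket_policy_json() {
  case "$1" in
    ''|*[!a-z0-9.-]*) echo "invalid bucket name: $1" >&2; return 1 ;;
  esac
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"],
    "Resource": ["arn:aws:s3:::$1/*"]
  }]
}
EOF
}

# grant_bucket_access CANONICAL_ID GROUP POLICY_NAME BUCKET USER
# Runs in a subshell so its variables and cleanup trap stay local.
grant_bucket_access() (
  canonical_id=$1; group=$2; policy=$3; bucket=$4; user=$5
  doc=$(mktemp) || exit 1
  trap 'rm -f "$doc"' EXIT          # remove the temporary policy file
  bucket_policy_json "$bucket" > "$doc" || exit 1
  iam create-group --group-name "$group" &&
  iam create-policy --policy-name "$policy" --policy-document "file://$doc" &&
  iam attach-group-policy --group-name "$group" \
      --policy-arn "$(policy_arn "$canonical_id" "$policy")" &&
  iam add-user-to-group --user-name "$user" --group-name "$group"
)
```

Source the file and call `grant_bucket_access YourCanonicalID your_group_name your_policy_name bucket_name "youruser@yourdomain.com"`; the chain stops at the first command that fails, so a user is never added to a group whose policy did not attach.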
