English translation
In the previous tutorial, we explored how to host applications using AWS Elastic Beanstalk. In this tutorial, we’ll dive into AWS Identity and Access Management (IAM) and its role management. In a cloud environment almost every security boundary is an IAM permission, so configuring permissions and access controls correctly is the foundation for safeguarding your resources.
What Is IAM?
AWS Identity and Access Management (IAM) is a web service that enables you to securely control access to AWS services and resources. With IAM, you can create and manage users, groups, roles, and permissions—determining who can access your AWS resources and how they can access them.
Core Concepts
- Users: Represent an individual or application identity with long-lived credentials (a console password, access keys, or both). Users can be assigned specific permissions, although it is better practice to grant permissions through groups.
- Groups: Collections of users. Permissions granted to a group are inherited by all users within it, and a user can belong to several groups.
- Roles: Sets of permissions that AWS services, IAM identities, or federated users assume temporarily. Assuming a role goes through AWS STS, which issues short-lived credentials, so there are no long-lived keys to store, leak, or rotate.
- Policies: JSON documents that specify which actions are allowed (or denied) on which resources, optionally under conditions. Permission policies attach to users, groups, and roles; a role additionally has a trust policy that defines who may assume it.
Managing IAM Users and Groups
Creating IAM Users and Groups
You can create IAM users and groups in the AWS Management Console as follows:
- Sign in to the AWS Management Console and open IAM.
- In the left navigation pane, choose Users, then click Add user.
- Enter a user name and choose the kind of access the user needs: a console password, programmatic access keys, or both. Create access keys only if the user genuinely needs programmatic access.
- After creating the user, add them to an existing group, or create a new one.
- Attach permission policies to the group rather than to the individual user, so that permissions stay consistent across everyone with the same job.
Example: Creating Users and Groups Using the AWS CLI
Below is an example of creating users and groups with the AWS CLI:
# Create a new group
aws iam create-group --group-name Developers
# Create a user (this creates the identity only; it has no password or access keys yet)
aws iam create-user --user-name Alice
# Add the user to the group
aws iam add-user-to-group --group-name Developers --user-name Alice
# Attach a permission policy to the group.
# AdministratorAccess is used here only to keep the example short: it allows every
# action on every resource, so a real Developers group should get a policy scoped to
# the services and resources developers actually need (see Best Practices below).
aws iam attach-group-policy --group-name Developers --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
# Only if Alice needs programmatic access: create access keys and hand them over out of band.
# The secret access key is shown once in the response and cannot be retrieved later.
aws iam create-access-key --user-name Alice
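The AdministratorAccess policy attached above allows every action on every resource, which is the opposite of the least privilege recommended later in this tutorial. The following Python script is an added example, not code from the original tutorial: it implements the core of IAM's evaluation logic (an explicit Deny beats any Allow, anything not mentioned is implicitly denied, IAM-style * and ? wildcards, case-insensitive action names) and compares AdministratorAccess with a constructed, scoped developer policy. The sample policies, bucket names, and account ID are constructed for illustration; conditions, principals, and resource-based policies are out of scope.

```python
"""Simplified IAM permission evaluation (added example; not from the tutorial).

Implements the part of AWS's policy evaluation that matters for least
privilege: an explicit Deny always wins, an Allow is required for access,
and anything not mentioned is implicitly denied. Action and Resource
patterns use IAM's '*' and '?' wildcards; action names are case-insensitive.
Conditions, principals, and resource-based policies are out of scope.
"""
import fnmatch
import json

# Constructed sample policies. ADMINISTRATOR_ACCESS mirrors the shape of the
# AWS managed policy of that name; DEVELOPER_POLICY is an invented scoped one.
ADMINISTRATOR_ACCESS = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
}""")

DEVELOPER_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::app-artifacts", "arn:aws:s3:::app-artifacts/*"]},
    {"Effect": "Deny",
     "Action": "s3:DeleteObject",
     "Resource": "arn:aws:s3:::app-artifacts/*"},
    {"Effect": "Allow", "Action": "logs:*", "Resource": "*"}
  ]
}""")


def _as_list(value):
    """Action/Resource may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """IAM wildcard match ('*' and '?'); '*' also crosses ':' and '/'."""
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _statement_applies(statement, action, resource):
    """True if the statement covers this action/resource pair."""
    action = action.lower()
    actions = [a.lower() for a in _as_list(statement.get("Action"))]
    not_actions = [a.lower() for a in _as_list(statement.get("NotAction"))]
    if actions and not _matches(actions, action):
        return False
    if not_actions and _matches(not_actions, action):
        return False
    resources = _as_list(statement.get("Resource"))
    not_resources = _as_list(statement.get("NotResource"))
    if resources and not _matches(resources, resource):
        return False
    if not_resources and _matches(not_resources, resource):
        return False
    return True


def evaluate(policies, action, resource):
    """Return 'Allow', 'ExplicitDeny', or 'ImplicitDeny' for one request.

    `policies` is the list of identity-based policy documents in effect,
    e.g. everything attached to the user plus all of their groups.
    """
    decision = "ImplicitDeny"
    for policy in policies:
        for statement in _as_list(policy.get("Statement")):
            if not _statement_applies(statement, action, resource):
                continue
            if statement.get("Effect") == "Deny":
                return "ExplicitDeny"      # explicit deny overrides any allow
            if statement.get("Effect") == "Allow":
                decision = "Allow"
    return decision


def compare(policy_a, policy_b, probes):
    """Evaluate each (action, resource) probe under both policies."""
    return {
        f"{action} on {resource}": (evaluate([policy_a], action, resource),
                                    evaluate([policy_b], action, resource))
        for action, resource in probes
    }


if __name__ == "__main__":
    probes = [
        ("iam:DeleteUser", "arn:aws:iam::123456789012:user/Alice"),
        ("s3:GetObject", "arn:aws:s3:::app-artifacts/build.zip"),
        ("s3:DeleteObject", "arn:aws:s3:::app-artifacts/build.zip"),
        ("s3:GetObject", "arn:aws:s3:::customer-data/export.csv"),
    ]
    for probe, (admin, dev) in compare(ADMINISTRATOR_ACCESS, DEVELOPER_POLICY, probes).items():
        print(f"{probe:60} AdministratorAccess={admin:<12} Developer={dev}")
```

Run it and the difference is immediate: under AdministratorAccess every probe is Allow, including deleting IAM users, while the scoped policy allows only the artifact bucket, refuses deletes there via the explicit Deny, and implicitly denies everything else. The same function can be pointed at the JSON returned by aws iam get-policy-version to probe a real policy before attaching it.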
IAM Role Management
Defining and Using Roles
An IAM role is a highly flexible concept in AWS: it is not permanently tied to any specific user or group but can be temporarily assumed by AWS services, IAM identities, or applications. Assuming a role returns temporary security credentials from AWS STS, so roles let you grant precise permissions to resources such as EC2 instances or Lambda functions without storing long-lived access keys on them. Which principals may assume a role is defined by its trust policy (also called the assume-role policy), which is separate from the permission policies that say what the role can do.
Creating a Role
You can create roles using either the AWS Management Console or the AWS CLI. In the console:
- Sign in to the AWS Management Console, open IAM, then choose Roles.
- Click Create role.
- Select AWS service as the trusted entity and choose the service that will assume the role (e.g., EC2). This choice becomes the role's trust policy.
- Attach the permission policies the role needs.
- Complete role creation. When EC2 is the trusted service, the console also creates the instance profile that wraps the role; the CLI does not do this for you.
Example: Configuring an IAM Role for an EC2 Instance
Suppose you want your EC2 instance to access an S3 bucket. You can achieve this as follows:
- Create a role that trusts the EC2 service and carries the S3 permissions.
- Assign that role, through its instance profile, when launching the EC2 instance. The AWS SDKs and CLI on the instance then obtain temporary credentials automatically from the instance metadata service, so no access keys need to be stored on it.
Here’s an AWS CLI example demonstrating role creation and attachment:
# trust-policy.json: allow the EC2 service (and nobody else) to assume this role
cat > trust-policy.json <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
# Create the S3 access role with that trust policy
aws iam create-role --role-name S3AccessRole --assume-role-policy-document file://trust-policy.json
# Attach the S3 read-only access policy.
# Note: AmazonS3ReadOnlyAccess grants read access to every bucket in the account; for a
# production workload, replace it with a customer-managed policy scoped to the one bucket.
aws iam attach-role-policy --role-name S3AccessRole --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
# EC2 attaches roles through an instance profile. The console creates one automatically,
# the CLI does not, so create it and add the role to it before launching.
aws iam create-instance-profile --instance-profile-name S3AccessRole
aws iam add-role-to-instance-profile --instance-profile-name S3AccessRole --role-name S3AccessRole
# Launch an EC2 instance with the instance profile attached
aws ec2 run-instances --image-id ami-abcde123 --instance-type t2.micro --iam-instance-profile Name=S3AccessRole
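A role's trust policy decides who can obtain its credentials, so a mistake there (a Principal of "*", or a cross-account principal with no ExternalId condition) is more dangerous than an over-broad permission policy. The following Python checker is an added example, not from the original tutorial. It parses assume-role policy documents and flags the patterns that most often lead to role takeover, running against a copy of the EC2 trust policy shown above, a constructed risky policy, and a constructed vendor policy done properly. The account IDs, role names, ExternalId value, and severity labels are assumptions for the example.

```python
"""Trust-policy (assume-role policy) checks for IAM roles.

Added example, not from the tutorial. Flags three mistakes that let an
unintended principal assume a role:
  1. Principal "*" (any AWS principal may call sts:AssumeRole)
  2. a cross-account AWS principal with no sts:ExternalId condition
     (the classic confused-deputy setup for third-party roles)
  3. wildcard actions such as "sts:*" instead of the specific AssumeRole call
Account IDs, role names and the ExternalId are constructed for illustration.
"""
import json

# Constructed copy of the EC2 trust policy used in the tutorial
EC2_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"}
  ]
}""")

# Constructed: a deliberately risky trust policy
RISKY_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"},
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::999999999999:root"},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/Deploy"},
     "Action": "sts:*"}
  ]
}""")

# Constructed: the same third-party account, but with an ExternalId condition
VENDOR_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::999999999999:root"},
     "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}
  ]
}""")


def _as_list(value):
    """Principal/Action entries may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _account_id(principal):
    """Account id from 'arn:aws:iam::123456789012:root' or a bare 12-digit id, else ''."""
    if principal.isdigit():
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 else ""


def _condition_keys(conditions):
    """Condition keys, lower-cased (IAM compares them case-insensitively)."""
    keys = set()
    for operator_block in conditions.values():
        if isinstance(operator_block, dict):
            keys.update(k.lower() for k in operator_block)
    return keys


def check_trust_policy(policy, own_account):
    """Return a list of (severity, message) findings; an empty list means nothing flagged."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        cond_keys = _condition_keys(stmt.get("Condition", {}))

        # 1. Anyone can assume the role ("*" and {"AWS": "*"} are equivalent)
        aws_principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        if principal == "*" or "*" in aws_principals:
            findings.append(("CRITICAL", f"statement {i}: Principal '*' lets any AWS principal assume the role"))
            continue

        # 2. Cross-account principal without an ExternalId condition
        for p in aws_principals:
            acct = _account_id(p)
            if acct and acct != own_account and "sts:externalid" not in cond_keys:
                findings.append(("HIGH", f"statement {i}: cross-account principal {p} has no sts:ExternalId condition"))

        # 3. Wildcard actions grant more than AssumeRole (TagSession, SetSourceIdentity, ...)
        if any(a in ("*", "sts:*") for a in actions):
            findings.append(("MEDIUM", f"statement {i}: Action should name the specific sts:AssumeRole call, not {actions}"))
    return findings


if __name__ == "__main__":
    policies = [("EC2", EC2_TRUST_POLICY), ("Risky", RISKY_TRUST_POLICY), ("Vendor", VENDOR_TRUST_POLICY)]
    for name, policy in policies:
        for severity, message in check_trust_policy(policy, "123456789012") or [("OK", "no findings")]:
            print(f"{name:6} {severity:8} {message}")
```

The EC2 and vendor policies come back clean; the risky one yields one finding per statement. To run this against real roles, feed it the AssumeRolePolicyDocument field returned by aws iam get-role together with your own account ID.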
Best Practices
- Principle of Least Privilege: Grant users and roles only the minimum permissions required to perform their tasks. Broad AWS managed policies such as AdministratorAccess or AmazonS3ReadOnlyAccess are convenient while experimenting; for real workloads, write customer-managed policies scoped to specific actions and resource ARNs.
- Prefer Roles over Access Keys: Let EC2 instances, Lambda functions, and CI jobs assume roles so that their credentials are short-lived and rotated automatically. Create long-lived access keys only when there is no alternative, and rotate them.
- Regular Auditing: Periodically review whether each user, role, and access key is still needed and which permissions are actually used. IAM's credential report and last-accessed information show unused credentials and services.
- Enable MFA: Strengthen account security by enabling Multi-Factor Authentication (MFA) for IAM users with console access, and above all for the root user, which should otherwise stay unused.
Summary
In this tutorial, we introduced AWS Identity and Access Management (IAM) and demonstrated how to create and manage users, groups, and roles. Next, we’ll explore how to define security policies and fine-tune permissions—ensuring your IAM configurations remain both secure and operationally efficient. If you have questions or need further guidance during IAM implementation, consult the AWS official documentation for comprehensive reference material.