Manage IAM resources with CLI
The AWS CLI offers a comprehensive set of commands for managing various aspects of IAM. Here’s the comprehensive list of examples demonstrating common operations:
Creating Users:
To create an IAM user, run the below command, This command creates a new IAM user named “new-user.”
aws iam create-user --user-name new-user
Listing Users and Roles:
aws iam list-users
This will list the IAM users in the mentioned profile, with basic details, like Username, UserId, Arn, and createdDate, refer the sample below.
aws iam list-roles
These commands list all the roles currently existed in your AWS account, with all basic details, RoleName, RoleID, Arn, and AssumeRolePolicyDoc.
Create Access Keys for Users:
This below command generates a new access key ID and secret access key for the user new-user, we can use it for various use cases like CLI, SDK.
aws iam create-access-key --user-name new-user
Create IAM Groups:
aws iam create-group --group-name new-user-group
This command creates a new IAM group named new-user-group.
Add Users to Groups:
aws iam add-user-to-group --user-name new-user --group-name new-user-group
This command adds the user new-user to the group new-user-group.
Create IAM Roles:
aws iam create-role --role-name my-new-role --assume-role-policy-document file://trust-policy.json
This command creates a new IAM role named my-new-role.
Attach Permissions Policies to Roles:
aws iam attach-role-policy --role-name my-new-role --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess
This command attaches the managed policy “AmazonEC2FullAccess” to the role my-new-role, granting access to EC2 resources.
Assume IAM Roles:
aws sts assume-role --role-arn arn:aws:iam::123456789012:role/my-new-role --role-session-name my-temp-session
This command allows you to temporarily assume the permissions of the role my-new-role for a specific session named my-temp-session.
These are just a few examples, and the AWS CLI offers a comprehensive range of commands for managing IAM entities and permissions.
AWS CLI For Identity And Access Management
Amazon Web Services (AWS) is a comprehensive cloud computing platform offering many services, including storage, computing, databases, and more. AWS Identity and Access Management (IAM) is a core AWS service that allows you to securely control who can access your AWS resources and what actions they can perform. IAM enables you to create users, groups, and roles, and define granular permissions for each.