{
	"id": "a2a2eb29-9c17-4f33-b8d6-2e3f7d610bb1",
	"created_at": "2026-04-06T00:06:40.629603Z",
	"updated_at": "2026-04-10T03:21:52.779873Z",
	"deleted_at": null,
	"sha1_hash": "29110cb9d9f0811d9be2e35f4df19588d224548c",
	"title": "IAM user groups - AWS Identity and Access Management",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43177,
	"plain_text": "IAM user groups - AWS Identity and Access Management\r\nArchived: 2026-04-05 17:31:02 UTC\r\nAn IAM user group is a collection of IAM users. User groups let you specify permissions for multiple users,\r\nwhich can make it easier to manage the permissions for those users. For example, you could have a user group\r\ncalled Admins and give that user group typical administrator permissions. Any user in that user group\r\nautomatically has Admins group permissions. If a new user joins your organization and needs administrator\r\nprivileges you can assign the appropriate permissions by adding the user to the Admins user group. If a person\r\nchanges jobs in your organization, instead of editing that user's permissions you can remove them from the old\r\nIAM groups and add them to the appropriate new IAM groups.\r\nYou can attach an identity-based policy to a user group so that all of the users in the user group receive the policy's\r\npermissions. You cannot identify a user group as a Principal in a policy (such as a resource-based policy)\r\nbecause groups relate to permissions, not authentication, and principals are authenticated IAM entities. For more\r\ninformation about policy types, see Identity-based policies and resource-based policies.\r\nHere are some important characteristics of IAM groups:\r\nA user group can contain many users, and a user can belong to multiple user groups.\r\nUser groups can't be nested; they can contain only users, not other IAM groups.\r\nThere is no default user group that automatically includes all users in the AWS account. If you want to\r\nhave a user group like that, you must create it and assign each new user to it.\r\nThe number and size of IAM resources in an AWS account, such as the number of groups, and the number\r\nof groups that a user can be a member of, are limited. For more information, see IAM and AWS STS\r\nquotas.\r\nThe following diagram shows a simple example of a small company. The company owner creates an Admins user\r\ngroup for users to create and manage other users as the company grows. The Admins user group creates a\r\nDevelopers user group and a Test user group. Each of these IAM groups consists of users (humans and\r\napplications) that interact with AWS (Jim, Brad, DevApp1, and so on). Each user has an individual set of security\r\ncredentials. In this example, each user belongs to a single user group. However, users can belong to multiple IAM\r\ngroups.\r\nSource: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html\r\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html"
	],
	"report_names": [
		"id_groups.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434000,
	"ts_updated_at": 1775791312,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/29110cb9d9f0811d9be2e35f4df19588d224548c.pdf",
		"text": "https://archive.orkl.eu/29110cb9d9f0811d9be2e35f4df19588d224548c.txt",
		"img": "https://archive.orkl.eu/29110cb9d9f0811d9be2e35f4df19588d224548c.jpg"
	}
}