How To Assign / Remove Policy To IAM User Group Using CLI

In last session we have learned how to create IAM users and groups. If you missed that please go through it, if you required.

How To Assign Policy To User Group:

To assign policy to group, we will need ARN which is Amazon unique resource name.

To get ARN of particular policy got to AWS management console by navigating IAM->Policies then click on 'Administrator Access' policy to get ARN of this policy.

Lets assume we want to use 'Administrator Access' policy for IAM group but we can select any other policies from AWS console as per our requirement.

>> aws iam attach-group-policy --policy=EnterpolicyARNHere --group-name pggroup


How To Remove User From IAM Group:

We can use command below to remove any user from IAM group.

>> aws iam remove-user-from-group --group-name pggroup --user-name pgtestuser


Delete IAM Group Using CLI:

>> aws iam delete-group --group-name pggroup 

Please make a note, before executing this command we need to detached policy of this group otherwise it will throw error. Like "An error occurred (DeleteConflict) when calling the DeleteGroup operation: Cannot delete entity, must detach all policies first."

So lets first remove policy from this IAM group using command below.

>> aws iam detach-group-policy --policy=EnterPolicyARNHere --group-name pggroup

After executing this command, this group has no users and policies assigned to it.

Now we are ready to remove this IAM group using CLI successfully.

>> aws iam delete-group --group-name pggroup

We can verify this group from AWS console once it has been deleted.


Happy Learning AWS Services!!!! :) Still Doubts? lets put your questions in below comment box! Thanks!

Watch Video: