LinuxCommandLibrary

aws-iam

Manage AWS IAM resources

TLDR

List users

$ aws iam list-users

List policies
$ aws iam list-policies

List groups
$ aws iam list-groups

Get users in a group
$ aws iam get-group --group-name [group_name]

Describe an IAM policy
$ aws iam get-policy --policy-arn arn:aws:iam::aws:policy/[policy_name]

List access keys for the current user
$ aws iam list-access-keys

List access keys for a specific user
$ aws iam list-access-keys --user-name [user_name]

Display help
$ aws iam help

SYNOPSIS

aws iam [options] [parameters]

PARAMETERS

--debug
    Turn on debug logging.

--output
    The formatting style for command output (json, text, table).

--query
    A JMESPath query to use in filtering the response data.

--profile
    Use a specific profile from your credential file.

--region
    The AWS region to use.

--version
    Display the version of the AWS CLI.

DESCRIPTION

The `aws-iam` command (more accurately, the AWS CLI with the `iam` subcommand) provides a command-line interface to manage AWS Identity and Access Management (IAM) resources. It allows users to create, update, and delete IAM users, groups, roles, policies, and other IAM entities. This is crucial for automating IAM tasks, scripting security configurations, and integrating IAM management into CI/CD pipelines. By leveraging `aws-iam`, administrators can precisely control access to AWS services and resources, adhering to the principle of least privilege. It interacts directly with the AWS IAM service, enabling fine-grained control over permissions and security. The AWS CLI needs to be installed and configured with valid AWS credentials before `aws-iam` commands can be executed.

IAM SUBCOMMANDS

IAM offers a wide array of subcommands for specific tasks:
- `aws iam create-user`: Creates a new IAM user.
- `aws iam create-role`: Creates a new IAM role.
- `aws iam create-policy`: Creates a new IAM policy.
- `aws iam attach-role-policy`: Attaches a policy to a role.
- `aws iam list-users`: Lists all IAM users.
- `aws iam get-user`: Retrieves information about a specific IAM user.
- `aws iam delete-user`: Deletes an IAM user.

CREDENTIALS AND CONFIGURATION

The AWS CLI relies on properly configured credentials. You can configure credentials using `aws configure`. Multiple profiles can be managed for accessing different AWS accounts or regions. It's crucial to secure these credentials to prevent unauthorized access.
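
One way to check how well those credentials are being looked after is to audit access-key age with the `list-users` and `list-access-keys` commands shown above. This is an added example, not part of the original page or the AWS CLI; the function names, the 90-day threshold and the sample rows (constructed) are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): flag old, still-active IAM access keys.
TAB=$(printf '\t')

# Emit "UserName<TAB>AccessKeyId<TAB>Status<TAB>CreateDate" for every key in the
# account. Needs a configured AWS CLI; the offline demo below does not call it.
list_all_access_keys() {
  local user
  for user in $(aws iam list-users --query 'Users[].UserName' --output text); do
    aws iam list-access-keys --user-name "$user" --output text \
      --query 'AccessKeyMetadata[].[UserName,AccessKeyId,Status,CreateDate]'
  done
}

# Days since 1970-01-01 for a string starting YYYY-MM-DD (civil-calendar
# arithmetic, so there is no dependency on GNU `date -d`).
days_from_civil() {
  local y m d rest era yoe doy
  y=${1%%-*}; rest=${1#*-}; m=${rest%%-*}; rest=${rest#*-}; d=${rest%%[!0-9]*}
  m=${m#0}; d=${d#0}   # strip leading zero so 08/09 are not read as octal
  if [ "$m" -le 2 ]; then y=$((y - 1)); m=$((m + 9)); else m=$((m - 3)); fi
  era=$((y / 400)); yoe=$((y - era * 400))
  doy=$(( (153 * m + 2) / 5 + d - 1 ))
  echo $(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
}

# Read key rows on stdin; print "user<TAB>key<TAB>age_days" for Active keys
# strictly older than max_age_days. `today` is a parameter for reproducible runs.
stale_active_keys() {
  local max_age_days today now user key status created age
  max_age_days=$1; today=${2:-$(date -u +%Y-%m-%d)}
  now=$(days_from_civil "$today")
  while IFS="$TAB" read -r user key status created; do
    [ "$status" = "Active" ] || continue   # skip keys that are already disabled
    age=$(( now - $(days_from_civil "$created") ))
    if [ "$age" -gt "$max_age_days" ]; then
      printf '%s\t%s\t%s\n' "$user" "$key" "$age"
    fi
  done
}

# Constructed sample rows in the same shape (key IDs and dates are made up).
sample_rows() {
  printf '%s\t%s\t%s\t%s\n' \
    alice AKIAEXAMPLE0000000001 Active   2023-01-15T10:00:00+00:00 \
    bob   AKIAEXAMPLE0000000002 Active   2024-04-02T08:30:00+00:00 \
    bob   AKIAEXAMPLE0000000003 Active   2024-06-01T08:30:00+00:00 \
    carol AKIAEXAMPLE0000000004 Inactive 2022-03-01T12:00:00+00:00
}

sample_rows | stale_active_keys 90 2024-07-01   # offline demo on the sample rows
# Live use: list_all_access_keys | stale_active_keys 90
```

Against a real account the calling identity needs `iam:ListUsers` and `iam:ListAccessKeys`; any key the script reports is a candidate for rotation or deactivation.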

IMPORTANT NOTES

Make sure the AWS CLI is installed, up to date, and configured with sufficient permissions before use.
IAM Policies are crucial for granting permissions. Thoroughly review policies before applying them.
Always adhere to the principle of least privilege.

HISTORY

The `aws-iam` command is part of the AWS Command Line Interface (CLI), which has evolved over time as AWS services have grown. Its development aimed to provide programmatic access to IAM functionalities, enabling automation and integration with other tools. The command structure and available subcommands have been updated to reflect new IAM features and best practices.

SEE ALSO

aws(1), aws-s3(1), aws-ec2(1)
