A cheat sheet for AWS IAM

This is a cheat sheet for AWS IAM.

Users

List all users' info

aws iam list-users

List all users' info with no pagination

aws iam list-users --no-paginate

List all usernames

aws iam list-users --query 'Users[*].[UserName]' --output text

List current user’s information

aws iam get-user

List current user’s access keys

aws iam list-access-keys

Create new user

aws iam create-user --user-name $USERNAME

Get a specific user's information

aws iam get-user --user-name $USERNAME

Delete a user

aws iam delete-user --user-name $USERNAME

Access keys

List all access keys of the current user

aws iam list-access-keys

List access keys of a specific user

aws iam list-access-keys --user-name $USERNAME

Create a new access key

aws iam create-access-key --user-name $USERNAME \
    --output text | tee UserName.txt

Show when an access key was last used

aws iam get-access-key-last-used --access-key-id AKIAWHATEVEREXAMPLE

Deactivate an access key

aws iam update-access-key --access-key-id AKIAWHATEVEREXAMPLE \
    --status Inactive --user-name $USERNAME

Delete an access key

aws iam delete-access-key --access-key-id AKIAWHATEVEREXAMPLE \
    --user-name $USERNAME
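
The access key commands above chain into a stale-key review: list the keys, check when each was last used, then deactivate before deleting. The script below is an added example, not part of the original cheat sheet; the function names stale_keys and deactivate_stale and the cutoff-date argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report and deactivate IAM access keys idle since a cutoff date.
# Assumes AWS CLI credentials that are allowed to call the iam commands used below.

# stale_keys YYYY-MM-DD
# Prints "user<TAB>key-id<TAB>status<TAB>reference-date" for each access key whose
# last use (or creation date, if the key was never used) is before the cutoff.
stale_keys() {
    cutoff=$(printf '%s' "$1" | tr -d '-')
    aws iam list-users --query 'Users[*].[UserName]' --output text |
    while read -r user; do
        [ -n "$user" ] || continue
        aws iam list-access-keys --user-name "$user" --output text \
            --query 'AccessKeyMetadata[*].[AccessKeyId,Status,CreateDate]' |
        while read -r key status created; do
            [ -n "$key" ] || continue
            ref=$(aws iam get-access-key-last-used --access-key-id "$key" \
                --query 'AccessKeyLastUsed.LastUsedDate' --output text)
            # A key that was never used has no LastUsedDate ("None" in text output),
            # so fall back to its creation date.
            if [ "$ref" = "None" ]; then ref=$created; fi
            day=$(printf '%s' "$ref" | cut -c1-10 | tr -d '-')
            if [ "$day" -lt "$cutoff" ]; then
                printf '%s\t%s\t%s\t%s\n' "$user" "$key" "$status" "$ref"
            fi
        done
    done
}

# deactivate_stale YYYY-MM-DD [--apply]
# Dry run by default; with --apply, sets every stale Active key to Inactive.
# Keys are deactivated, not deleted, so the change can be reverted.
deactivate_stale() {
    stale_keys "$1" | while read -r user key status ref; do
        [ "$status" = "Active" ] || continue
        if [ "$2" = "--apply" ]; then
            aws iam update-access-key --access-key-id "$key" \
                --status Inactive --user-name "$user"
        else
            echo "would deactivate $key ($user)"
        fi
    done
}
```

Run deactivate_stale with only the cutoff date first and review the dry-run output before adding --apply.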

Groups and Policies

List all groups

aws iam list-groups

Create a group

aws iam create-group --group-name $GROUPNAME

Delete a group

aws iam delete-group --group-name $GROUPNAME

List all policies

aws iam list-policies

Get a specific policy

aws iam get-policy --policy-arn <value>

List all users, groups, and roles for a given policy

aws iam list-entities-for-policy --policy-arn <value>

List policies for a given group

aws iam list-attached-group-policies --group-name $GROUPNAME

Add a policy to a group

aws iam attach-group-policy --group-name $GROUPNAME \
    --policy-arn <value>

Add a user to a group

aws iam add-user-to-group --group-name $GROUPNAME \
    --user-name $USERNAME

List users for a given group

aws iam get-group --group-name $GROUPNAME

List groups for a given user

aws iam list-groups-for-user --user-name $USERNAME

Remove a user from a group

aws iam remove-user-from-group --group-name $GROUPNAME \
    --user-name $USERNAME

Remove policy from a group

aws iam detach-group-policy --group-name $GROUPNAME \
    --policy-arn <value>

Delete a group

aws iam delete-group --group-name $GROUPNAME

Cheers!