
In AWS IAM, a user group is a collection of IAM users that is managed as a single unit. Its purpose is to simplify permission management for multiple users: instead of attaching policies to each user individually, you attach them to the group, and every user added to the group receives those permissions (and loses them when removed). A group is not a principal in its own right: it cannot be referenced in a resource policy or a trust policy, and a user's effective permissions are the union of the policies attached to the user and to all of the groups they belong to.
Below is a list of common IAM groups you can create for your organization, with the AWS managed policy each would typically carry and the caveats to keep in mind when attaching it.
Common IAM Groups
Administrators
Permissions: Full access to every service and resource in the account, including IAM itself.
Use case: The few people who must administer the account. Keep membership small, require MFA for members, and do not use this group for day-to-day work.
Policy Example: AdministratorAccess
Group Name: Admins
Power Users
Permissions: Full access to all services except management of IAM, AWS Organizations and account settings (a few read-only and service-linked-role IAM actions remain allowed), so members cannot grant new permissions to themselves or to others.
Use case: Users who need nearly full access but must not control identities, permissions or account-level settings.
Policy Example: PowerUserAccess
Group Name: PowerUsers
Read-Only Users
Permissions: Read-only access across all services. This includes data-reading actions such as s3:GetObject, so it is not metadata-only; the ViewOnlyAccess job-function policy is the choice for listing resources without reading their contents.
Use case: Users who need to inspect resources and settings but must not change anything.
Policy Example: ReadOnlyAccess
Group Name: ReadOnly
Billing and Cost Management
Permissions: Read-only access to Billing and Cost Management only; the Billing job-function policy is the full-access counterpart. Note that IAM users cannot see billing data at all until the root user activates IAM access to billing information in the account settings.
Use case: Finance or management users who need to view invoices and cost data but should have no access to other resources.
Policy Example: AWSBillingReadOnlyAccess
Group Name: Billing
Security Auditors
Permissions: Read-only access to the configuration of security-relevant services (IAM, CloudTrail, AWS Config, S3 bucket policies, security groups and similar), not to the data those services hold.
Use case: Internal or external auditors who review configuration for misconfigurations and verify logging coverage.
Policy Example: SecurityAudit
Group Name: Auditors
Support
Permissions: Create and manage AWS Support cases (support:*) and nothing else. If the group also needs to read resource configuration while troubleshooting, the SupportUser job-function policy adds that read access.
Use case: Users who open and track support cases but should not otherwise interact with resources.
Policy Example: AWSSupportAccess
Group Name: Support
S3 Bucket Access
Permissions: Access to specific S3 buckets and their contents.
Use case: Users who need to read or manage objects in particular buckets.
Policy Example: A customer managed policy scoped to the bucket and object ARNs (arn:aws:s3:::bucket-name for bucket-level actions such as s3:ListBucket, arn:aws:s3:::bucket-name/* for object actions). AmazonS3FullAccess grants s3:* on every bucket in the account and is only appropriate when that is actually intended.
Group Name: S3Users
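The bucket-scoped alternative to AmazonS3FullAccess, as an added example that is not part of the original page: a small builder that emits a policy document restricted to one bucket and, optionally, one key prefix, plus a linter that flags the wildcard grants which make AmazonS3FullAccess-style statements unsuitable for an S3Users group. The bucket and prefix names are made up, and BROAD_S3_POLICY is a constructed stand-in modelled on AmazonS3FullAccess rather than a copy of the live policy; check the current version in the IAM console.

```python
"""Bucket-scoped S3 policy builder and a linter for over-broad Allow statements.

Added example; the bucket and prefix names are constructed for illustration.
"""
from __future__ import annotations

import json

# Constructed example inputs: a hypothetical bucket and a team's key prefix.
EXAMPLE_BUCKET = "example-reports-bucket"
EXAMPLE_PREFIX = "team-a/"

# Constructed stand-in for the single statement AmazonS3FullAccess carries:
# every S3 action on every bucket in the account.
BROAD_S3_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "FullS3", "Effect": "Allow",
                   "Action": ["s3:*", "s3-object-lambda:*"], "Resource": "*"}],
}


def s3_bucket_scoped_policy(bucket: str, prefix: str = "") -> dict:
    """Policy letting a group list `bucket` (only under `prefix`) and read, write
    and delete objects under `prefix`; nothing else in S3 is granted.

    s3:ListBucket is a bucket-level action, so its Resource is the bucket ARN
    and the prefix is enforced with an s3:prefix condition; object actions use
    the object ARN pattern instead.
    """
    bucket_arn = f"arn:aws:s3:::{bucket}"
    statements = [
        {"Sid": "ListBucketUnderPrefix", "Effect": "Allow",
         "Action": "s3:ListBucket", "Resource": bucket_arn},
        {"Sid": "ObjectAccessUnderPrefix", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": f"{bucket_arn}/{prefix}*"},
    ]
    if prefix:
        statements[0]["Condition"] = {"StringLike": {"s3:prefix": [f"{prefix}*"]}}
    return {"Version": "2012-10-17", "Statement": statements}


def _as_list(value) -> list:
    return value if isinstance(value, list) else [value]


def lint_policy(doc: dict) -> list[str]:
    """Return one finding per Allow statement that grants a full ("*") or
    service-wide ("svc:*") action wildcard, or applies to every resource."""
    findings = []
    for st in _as_list(doc.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        actions = _as_list(st.get("Action", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"{sid}: service-wide action wildcard {actions}")
        if "*" in _as_list(st.get("Resource", [])):
            findings.append(f"{sid}: applies to every resource in the account")
    return findings


if __name__ == "__main__":
    scoped = s3_bucket_scoped_policy(EXAMPLE_BUCKET, EXAMPLE_PREFIX)
    print(json.dumps(scoped, indent=2))
    print("scoped findings:", lint_policy(scoped))
    print("broad findings:", lint_policy(BROAD_S3_POLICY))
```

The emitted document is what you would pass to `aws iam create-policy --policy-document` before attaching the resulting ARN to the S3Users group. The s3:prefix condition only constrains listing; object access is constrained by the object ARN, so both statements are needed for the scope to hold.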
Database Access
Permissions: Access to RDS, DynamoDB, and other database services.
Use case: Users who need to manage or query databases in AWS.
Policy Example: AmazonRDSFullAccess and AmazonDynamoDBFullAccess for administrators (these include deleting instances and tables); AmazonRDSReadOnlyAccess and AmazonDynamoDBReadOnlyAccess for users who only need to read.
Group Name: DBAdmins or DBUsers, as separate groups for the two levels of access rather than one group for both.
Lambda and Compute Access
Permissions: Manage AWS Lambda functions, EC2 instances or other compute services. Neither policy below grants iam:PassRole, which is needed to launch an instance with an instance profile or to create a function with an execution role; add a PassRole statement scoped to the specific roles rather than granting broad IAM access.
Use case: Developers and engineers who deploy and manage serverless applications or compute resources.
Policy Example: AWSLambda_FullAccess, AmazonEC2FullAccess
Group Name: LambdaDev or ComputeAdmins
Developer Access
Permissions: Access to development-related resources such as EC2, Lambda and CodeBuild.
Use case: Developers who build, test and deploy applications. Stacking several *FullAccess policies on one group approaches PowerUserAccess in effect, so in shared accounts consider restricting by resource tags or using a separate account per environment.
Policy Example: AmazonEC2FullAccess, AWSLambda_FullAccess, AWSCodeBuildAdminAccess
Group Name: Developers
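Provisioning the groups above through the IAM API, as an added example that is not part of the original page: a plan is built from a group-to-managed-policy map (the names listed on this page; S3Users is omitted because it takes a custom policy rather than a managed one), the default quota of 10 managed policies per group is checked, and the Admins and PowerUsers groups get an inline policy that denies everything until the caller has authenticated with MFA. The `apply_plan` function calls `create_group`, `attach_group_policy` and `put_group_policy`, which are real methods on a `boto3.client("iam")`; the `RecordingIAM` class is a constructed offline stand-in so the script runs without credentials, and the group names and the choice of which groups require MFA are assumptions.

```python
"""Plan and apply an IAM group layout. Added example, not from the original page."""
from __future__ import annotations

import json

# Default IAM quota for managed policies attached to one group.
MANAGED_POLICIES_PER_GROUP_QUOTA = 10

# Group -> AWS managed policy names, following the list above (names assumed).
GROUP_POLICIES = {
    "Admins": ["AdministratorAccess"],
    "PowerUsers": ["PowerUserAccess"],
    "ReadOnly": ["ReadOnlyAccess"],
    "Billing": ["AWSBillingReadOnlyAccess"],
    "Auditors": ["SecurityAudit"],
    "Support": ["AWSSupportAccess"],
    "DBAdmins": ["AmazonRDSFullAccess", "AmazonDynamoDBFullAccess"],
    "ComputeAdmins": ["AWSLambda_FullAccess", "AmazonEC2FullAccess"],
    "Developers": ["AmazonEC2FullAccess", "AWSLambda_FullAccess", "AWSCodeBuildAdminAccess"],
}

# Groups whose members are denied everything until they hold an MFA session (assumed set).
MFA_REQUIRED_GROUPS = {"Admins", "PowerUsers"}


def managed_policy_arn(name: str) -> str:
    """AWS managed policies live in the 'aws' pseudo-account. The names on this
    page sit at the root path; job-function policies such as Billing or
    SupportUser would need the /job-function/ path instead."""
    return f"arn:aws:iam::aws:policy/{name}"


def mfa_required_policy() -> dict:
    """Inline Deny that blocks every action when the session carries no MFA.

    BoolIfExists treats a missing aws:MultiFactorAuthPresent key as "false",
    so long-term access keys used without an MFA session token are denied too.
    The NotAction list leaves MFA enrolment and sts:GetSessionToken (how a CLI
    user obtains an MFA session) outside the deny; the group's attached policies
    still have to Allow those actions for enrolment to work.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyAllExceptMfaSetupWithoutMfa",
            "Effect": "Deny",
            "NotAction": [
                "iam:CreateVirtualMFADevice", "iam:EnableMFADevice", "iam:GetUser",
                "iam:ListMFADevices", "iam:ListVirtualMFADevices",
                "iam:ResyncMFADevice", "sts:GetSessionToken",
            ],
            "Resource": "*",
            "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
        }],
    }


def build_plan(group_policies: dict[str, list[str]], mfa_groups: set[str]) -> list[tuple]:
    """Turn the map into an ordered list of API steps, failing early on quota."""
    plan: list[tuple] = []
    for group, policies in group_policies.items():
        if len(policies) > MANAGED_POLICIES_PER_GROUP_QUOTA:
            raise ValueError(f"{group}: {len(policies)} managed policies exceeds "
                             f"the quota of {MANAGED_POLICIES_PER_GROUP_QUOTA}")
        plan.append(("create_group", group))
        for name in policies:
            plan.append(("attach_group_policy", group, managed_policy_arn(name)))
        if group in mfa_groups:
            plan.append(("put_group_policy", group, "RequireMFA",
                         json.dumps(mfa_required_policy())))
    return plan


def apply_plan(plan: list[tuple], iam) -> int:
    """Execute the plan against an IAM client (boto3.client("iam") or any object
    with the same method names). create_group fails if the group already
    exists; an idempotent version would call get_group first. Returns the
    number of API calls issued."""
    for op, *args in plan:
        if op == "create_group":
            iam.create_group(GroupName=args[0])
        elif op == "attach_group_policy":
            iam.attach_group_policy(GroupName=args[0], PolicyArn=args[1])
        elif op == "put_group_policy":
            iam.put_group_policy(GroupName=args[0], PolicyName=args[1], PolicyDocument=args[2])
    return len(plan)


class RecordingIAM:
    """Constructed offline stand-in for the boto3 IAM client: records calls."""

    def __init__(self) -> None:
        self.calls: list[tuple[str, dict]] = []

    def create_group(self, **kw): self.calls.append(("create_group", kw))
    def attach_group_policy(self, **kw): self.calls.append(("attach_group_policy", kw))
    def put_group_policy(self, **kw): self.calls.append(("put_group_policy", kw))


if __name__ == "__main__":
    # Dry run; replace RecordingIAM() with boto3.client("iam") under admin credentials to apply.
    recorder = RecordingIAM()
    apply_plan(build_plan(GROUP_POLICIES, MFA_REQUIRED_GROUPS), recorder)
    for op, kw in recorder.calls:
        print(op, kw["GroupName"], kw.get("PolicyArn") or kw.get("PolicyName", ""))
```

Run it once as a dry run to review the plan, then swap in the real client. Attaching policies to groups rather than users is the point of the page; the inline MFA deny is added per group so that the managed policies stay unmodified and the requirement travels with group membership.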