awsdocs/iam-user-guide

identities and groups

Closed this issue · 3 comments

"Attach managed and inline policies to IAM identities, such as users, groups to which users belong, and roles."

At some other place you write that groups are not principals and as such it is not possible to attach policies directly to groups. The policies are attached to the users indirectly.

Groups are identities in IAM, but not principals. Principals are users and roles only. You can sign in as a user and perform operations in AWS. You can assume a role and perform operations in AWS. You can't sign in or assume a group. It's just a grouping of users. The purpose of a group is to assign permissions in bulk by attaching policies to the group of users. You can have up to 5,000 users in a group, and you can add users to the group instead of attaching policies to 5,000 users. The users inherit the permissions from their groups.

If you could find the area in the docs that you saw that you can't attach policies to groups, please let us know. That is incorrect and we'll fix it as soon as possible.

Hi,

Thanks for the explanation. If I find the area, I'll let you know.

Despite that, I think the documentation is a little bit thin on the topic 'Principals' and Identities and could, IMHO, be more extensive.

I agree. I'll actively work to update the terminology as I find it.
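The distinction drawn in this thread (groups are identities but not principals) shows up in practice when someone puts a group ARN in the `Principal` element of a trust or resource-based policy. The following check is an added example, not part of the thread or of the AWS documentation; the account ID, names and the sample policy are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample: a role trust policy that names a user, a role, a service
# and (incorrectly) a group as principals.
SAMPLE_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:user/alice",
                           "arn:aws:iam::111122223333:group/Developers"]}},
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/ci-deploy"}},
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": "ec2.amazonaws.com"}}
  ]
}
""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_group_arn(value):
    """True for an IAM ARN whose resource part is group/... (paths included)."""
    parts = str(value).split(":", 5)
    return (len(parts) == 6 and parts[0] == "arn" and parts[2] == "iam"
            and parts[5].startswith("group/"))


def find_group_principals(policy):
    """Return (statement_index, arn) for every group ARN used as a principal."""
    findings = []
    # "Statement" may be a single object or a list of objects.
    for index, statement in enumerate(_as_list(policy.get("Statement", []))):
        for key in ("Principal", "NotPrincipal"):
            principal = statement.get(key, {})
            # A bare string such as "*" is normalised to the {"AWS": ...} form.
            if not isinstance(principal, dict):
                principal = {"AWS": principal}
            for arn in _as_list(principal.get("AWS", [])):
                if is_group_arn(arn):
                    findings.append((index, arn))
    return findings


if __name__ == "__main__":
    for index, arn in find_group_principals(SAMPLE_TRUST_POLICY):
        print(f"Statement {index}: {arn} is a group, not a principal")
```

Attaching an identity-based policy to the group itself, as the maintainer describes, is the supported way to grant those users permissions in bulk.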