Top / Amazon Web Service / AWS IAM / Group Policy

AWS IAM Group Policy

This page shows how to write Terraform and CloudFormation for IAM Group Policy and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_group_policy (Terraform)

The Group Policy in IAM can be configured in Terraform with the resource name aws_group_policy. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • policy - (Required) The policy document. This is a JSON formatted string. For more information about building IAM policy documents with Terraform, see the AWS IAM Policy Document Guide
  • name - (Optional) The name of the policy. If omitted, Terraform will assign a random, unique name.
  • name_prefix - (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.
  • group - (Required) The IAM group to attach to the policy.

In addition to all arguments above, the following attributes are exported:

  • id - The group policy ID.
  • group - The group to which this policy applies.
  • name - The name of the policy.
  • policy - The policy document attached to the group.

>> from Terraform Registry

Explanation in Terraform Registry

Provides an IAM policy attached to a group.

>> from Terraform Registry

Tips: Best Practices for The Other AWS IAM Resources

In addition to the aws_iam_account_password_policy, AWS IAM has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_iam_account_password_policy

Ensure AWS IAM account password policies requires long passwords

It's better to enforce the use of long and complex passwords to reduce the risk of bruteforce attacks.

Review your AWS IAM settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::IAM::Group Policy (CloudFormation)

The Group Policy in IAM can be configured in CloudFormation with the resource name AWS::IAM::Group Policy. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

PolicyDocument The policy document.
Required: Yes
Type: Json
Minimum: 1
Maximum: 131072
Pattern: [\u0009\u000A\u000D\u0020-\u00FF]+
Update requires: No interruption

PolicyName The friendly name (not ARN) identifying the policy.
Required: Yes
Type: String
Minimum: 1
Maximum: 128
Pattern: [\w+=,.@-]+
Update requires: No interruption

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

Contains information about an attached policy.

An attached policy is a managed policy that has been attached to a user, group, or role.

For more information about managed policies, see Managed Policies and Inline Policies in the IAM User Guide.

>> from AWS CloudFormation Documentation

The Other Related AWS IAM Resources

Frequently asked questions

What is AWS IAM Group Policy?

AWS IAM Group Policy is a resource for IAM of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents