AWS IAM User Group Membership

This page shows how to write Terraform and CloudFormation for IAM User Group Membership and write them securely.

aws_iam_user_group_membership (Terraform)

The User Group Membership in IAM can be configured in Terraform with the resource name aws_iam_user_group_membership. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

Task1terra.tf#L39
  resource "aws_iam_user_group_membership" "groupmember1" {
  user = aws_iam_user.deva1.name


  groups = [
    aws_iam_group.developers.name,
06_users.tf#L12
resource "aws_iam_user_group_membership" "maven_user" {
  user = aws_iam_user.maven_user.name

  groups = [
    aws_iam_group.artefacts.name
  ]
iam-users.tf#L33
resource "aws_iam_user_group_membership" "govwifi_pipeline_terraform" {
  user = "govwifi-pipeline-terraform"

  groups = [
    "AWS-Admin",
  ]
main.tf#L14
resource "aws_iam_user_group_membership" "apps_admin_users" {
  for_each = toset(var.users.apps.admins)
  groups   = [module.groups.admin.name]
  user     = each.key
}

aws_iam_group.tf#L32
resource "aws_iam_user_group_membership" "admin-users" {
  user = aws_iam_user.demo-user.name

  groups = [
    aws_iam_group.admin.name
  ]

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

  • groups required - set of string
  • id optional computed - string
  • user required - string

Explanation in Terraform Registry

Provides a resource for adding an [IAM User][2] to [IAM Groups][1]. This resource can be used multiple times with the same user for non-overlapping groups. To exclusively manage the users in a group, see the [aws_iam_group_membership resource][3].

Tips: Best Practices for The Other AWS IAM Resources

In addition to the aws_iam_account_password_policy, AWS IAM has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_iam_account_password_policy

Ensure AWS IAM account password policies requires long passwords

It's better to enforce the use of long and complex passwords to reduce the risk of bruteforce attacks.

Review your AWS IAM settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::IAM::UserToGroupAddition (CloudFormation)

The UserToGroupAddition in IAM can be configured in CloudFormation with the resource name AWS::IAM::UserToGroupAddition. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

iam-resources-stacks.yml#L41
    Type: AWS::IAM::UserToGroupAddition
    Properties:
      GroupName: !Ref 'CloudspacePumaUsersAdminGroup'
      Users:
          - !Ref Bernadette
          - !Ref Hera
IAM-template-project2.yml#L28
    Type: AWS::IAM::UserToGroupAddition
    Properties:
      GroupName: !Ref 'Usergroup1'
      Users:
        - !Ref 'Users1'

francoise-iam-template.yml#L28
    Type: AWS::IAM::UserToGroupAddition
    Properties:
      GroupName: !Ref 'Usergroup1'
      Users:
        - !Ref 'Users1'

iam_user_with_two_additions.yml#L27
    Type: "AWS::IAM::UserToGroupAddition"
    Properties:
      GroupName: !Ref group1
      Users:
        - !Ref iamUserWithTwoAdditions

iam_user_with_literal_username_and_addition.yml#L18
    Type: "AWS::IAM::UserToGroupAddition"
    Properties:
      GroupName: "groupA"
      Users:
        - "jimbob"
    DependsOn:
iam_user_with_two_groups_through_addition.json#L8
      "Type" : "AWS::IAM::UserToGroupAddition",
      "Properties" : {
        "GroupName" : "group1",
        "Users" : [ { "Ref" : "myuser2" } ]
      }
    },
iam_user_with_two_groups_through_addition.json#L7
      "Type": "AWS::IAM::UserToGroupAddition",
      "Properties": {
        "GroupName": "group1",
        "Users": [
          {
            "Ref": "myuser2"
cf-example-100.json#L47
            "Type": "AWS::IAM::UserToGroupAddition",
            "Properties": {
                "GroupName": {
                    "Ref": "TestGroup"
                },
                "Users": [
iam_user_with_two_additions.json#L36
      "Type": "AWS::IAM::UserToGroupAddition",
      "Properties": {
        "GroupName": {
          "Ref": "group1"
        },
        "Users": [
iam_user_with_literal_username_and_addition.json#L18
      "Type": "AWS::IAM::UserToGroupAddition",
      "Properties": {
        "GroupName": "groupA",
        "Users": [
          "jimbob"
        ]

Parameters

Explanation in CloudFormation Registry

Adds the specified user to the specified group.

Frequently asked questions

What is AWS IAM User Group Membership?

AWS IAM User Group Membership is a resource for IAM of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS IAM User Group Membership?

For Terraform, the Deval07GitHub/IAM-Service-Terraform, ARIG-Robotique/terraform-aws-env and alphagov/govwifi-terraform source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the NelieTchat/Three_Tiers-Applications, fmezegne/GITRemoteRepo and fmezegne/GITRemoteRepo source code examples are useful. See the CloudFormation Example section for further details.