AWS IAM User Group Membership
This page shows how to write Terraform and CloudFormation for IAM User Group Membership and write them securely.
aws_iam_user_group_membership (Terraform)
The User Group Membership in IAM can be configured in Terraform with the resource name aws_iam_user_group_membership. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_iam_user_group_membership" "groupmember1" {
user = aws_iam_user.deva1.name
groups = [
aws_iam_group.developers.name,
resource "aws_iam_user_group_membership" "maven_user" {
user = aws_iam_user.maven_user.name
groups = [
aws_iam_group.artefacts.name
]
resource "aws_iam_user_group_membership" "govwifi_pipeline_terraform" {
user = "govwifi-pipeline-terraform"
groups = [
"AWS-Admin",
]
resource "aws_iam_user_group_membership" "apps_admin_users" {
for_each = toset(var.users.apps.admins)
groups = [module.groups.admin.name]
user = each.key
}
resource "aws_iam_user_group_membership" "admin-users" {
user = aws_iam_user.demo-user.name
groups = [
aws_iam_group.admin.name
]
Parameters
Explanation in Terraform Registry
Provides a resource for adding an [IAM User][2] to [IAM Groups][1]. This resource can be used multiple times with the same user for non-overlapping groups. To exclusively manage the users in a group, see the [
aws_iam_group_membershipresource][3].
Tips: Best Practices for The Other AWS IAM Resources
In addition to the aws_iam_account_password_policy, AWS IAM has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_iam_account_password_policy
Ensure AWS IAM account password policies requires long passwords
It's better to enforce the use of long and complex passwords to reduce the risk of bruteforce attacks.
AWS::IAM::UserToGroupAddition (CloudFormation)
The UserToGroupAddition in IAM can be configured in CloudFormation with the resource name AWS::IAM::UserToGroupAddition. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::IAM::UserToGroupAddition
Properties:
GroupName: !Ref 'CloudspacePumaUsersAdminGroup'
Users:
- !Ref Bernadette
- !Ref Hera
Type: AWS::IAM::UserToGroupAddition
Properties:
GroupName: !Ref 'Usergroup1'
Users:
- !Ref 'Users1'
Type: AWS::IAM::UserToGroupAddition
Properties:
GroupName: !Ref 'Usergroup1'
Users:
- !Ref 'Users1'
Type: "AWS::IAM::UserToGroupAddition"
Properties:
GroupName: !Ref group1
Users:
- !Ref iamUserWithTwoAdditions
Type: "AWS::IAM::UserToGroupAddition"
Properties:
GroupName: "groupA"
Users:
- "jimbob"
DependsOn:
"Type" : "AWS::IAM::UserToGroupAddition",
"Properties" : {
"GroupName" : "group1",
"Users" : [ { "Ref" : "myuser2" } ]
}
},
"Type": "AWS::IAM::UserToGroupAddition",
"Properties": {
"GroupName": "group1",
"Users": [
{
"Ref": "myuser2"
"Type": "AWS::IAM::UserToGroupAddition",
"Properties": {
"GroupName": {
"Ref": "TestGroup"
},
"Users": [
"Type": "AWS::IAM::UserToGroupAddition",
"Properties": {
"GroupName": {
"Ref": "group1"
},
"Users": [
"Type": "AWS::IAM::UserToGroupAddition",
"Properties": {
"GroupName": "groupA",
"Users": [
"jimbob"
]
Parameters
Explanation in CloudFormation Registry
Adds the specified user to the specified group.
Frequently asked questions
What is AWS IAM User Group Membership?
AWS IAM User Group Membership is a resource for IAM of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS IAM User Group Membership?
For Terraform, the Deval07GitHub/IAM-Service-Terraform, ARIG-Robotique/terraform-aws-env and alphagov/govwifi-terraform source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the NelieTchat/Three_Tiers-Applications, fmezegne/GITRemoteRepo and fmezegne/GITRemoteRepo source code examples are useful. See the CloudFormation Example section for further details.
