AWS | How to create, update and delete users and groups using AWS CLI

Creating users and user groups in AWS comes under IAM (Identity and Access Management) service, in this article we are going to look at how to create users and user groups using AWS CLI commands.

This article use AWS CLI commands, if you haven't installed AWS CLI, you can follow steps from this Install and Configure AWS CLI to install and configure it.

How to create an user using CLI
How to setup a password for an user using CLI
How to update password for an user using CLI
How to delete an user using CLI
How to create a group using CLI
How to add an user to a group using CLI
How to remove an user from a group using CLI
How to delete a group using CLI

user

You can create an user account using aws iam create-user command and pass --user-name parameter with the username that you would like to create.

$ aws iam create-user --user-name testuser

When you run the command, it will produce the result of the execution output in the format that you configured (it is JSON in my case).

{ "User": { "Path": "/", "UserName": "testuser", "UserId": "AIDASQBMABCDEFGHCYO", "Arn": "arn:aws:iam::12345678988:user/testuser", "CreateDate": "2022-12-05T17:11:40+00:00" } }

create password

As you may have noticed above that we have only created an user account, and this account does not have any password. This user can access AWS resources using assumed roles, access keys, SSH keys or server certificates for some AWS services.

If you have a need to setup a password for this user, you can use aws iam create-login-profile command with parameters --user-name and --password

$ aws iam create-login-profile --user-name <user name> --password <password>

When you run the above command, if it is successful, then it shows output like this.

{ "LoginProfile": { "UserName": "testuser", "CreateDate": "2022-12-05T20:13:18+00:00", "PasswordResetRequired": false } }

update password

If you are a administrator and would like to change other user(s) passwords, you can run aws iam update-login-profile with --user-name and --password.

$ aws iam update-login-profile --user-name <user name> --password <password>

If you want to enforce the user reset the password upon next login, you can pass --password-reset-required parameter.

$ aws iam update-login-profile --user-name <user name> --password <password> --password-reset-required

If you want to change your own password (user currently logged in CLI), you can use aws iam change-password command with parameters --old-password and --new-password.

$ aws iam change-password --old-password <old password> --new-password <new password>

You can delete an user account using aws iam delete-user command and pass --user-name parameter with the username that you would like to delete.

$ aws iam delete-user --user-name testuser

You can create a group using aws iam create-group command and pass --group-name parameter.

$ aws iam create-group --group-name testgroup

In the above command, we are creating a group with the name testgroup, once the command is run and if it success, it will produce out like this.

{ "Group": { "Path": "/", "GroupName": "testgroup", "GroupId": "AGPABCDEFGHIJKJ6V", "Arn": "arn:aws:iam::123456789:group/testgroup", "CreateDate": "2022-12-06T00:49:51+00:00" } }

Once the group is created and if you want to add users to this group, you can run aws iam add-user-to-group command with --group-name and --user-name parameters.

$ aws iam add-user-to-group --group-name testgroup --user-name testuser

You can remove an user from a group using aws iam remove-user-from-group command with --group-name and --user-name parameters.

$ aws iam remove-user-from-group --group-name testgroup --user-name testuser

You can remove an user from a group using aws iam delete-group command with --group-name parameter.

$ aws iam delete-group --group-name testgroup