Skip to content
Alchemy
GitHubXDiscord

Group

The Group resource lets you manage AWS IAM Groups for organizing users and permissions within your AWS account.

Minimal Example

Section titled “Minimal Example”

Create a basic IAM group with a specified name and an optional path.

import AWS from "alchemy/aws/control";


const iamGroup = await AWS.IAM.Group("basicIamGroup", {
  GroupName: "Developers",
  Path: "/engineering/"
});

Advanced Configuration

Section titled “Advanced Configuration”

Configure an IAM group with managed policies and inline policies for more granular control.

const advancedIamGroup = await AWS.IAM.Group("advancedIamGroup", {
  GroupName: "Admins",
  ManagedPolicyArns: [
    "arn:aws:iam::aws:policy/AdministratorAccess"
  ],
  Policies: [{
    PolicyName: "CustomPolicy",
    PolicyDocument: {
      Version: "2012-10-17",
      Statement: [
        {
          Effect: "Allow",
          Action: "s3:ListBucket",
          Resource: "arn:aws:s3:::example-bucket"
        },
        {
          Effect: "Allow",
          Action: "s3:GetObject",
          Resource: "arn:aws:s3:::example-bucket/*"
        }
      ]
    }
  }]
});

Adding Users to the Group

Section titled “Adding Users to the Group”

Create an IAM group and add users to it.

const userGroup = await AWS.IAM.Group("userGroup", {
  GroupName: "DataScientists"
});


// Assume users are already created
await AWS.IAM.AddUserToGroup("addUserToGroup", {
  GroupName: userGroup.GroupName,
  UserName: "data-scientist-1"
});

Adopting Existing Resources

Section titled “Adopting Existing Resources”

Manage an existing IAM group by adopting it instead of failing if it already exists.

const adoptIamGroup = await AWS.IAM.Group("adoptIamGroup", {
  GroupName: "LegacyGroup",
  adopt: true
});