AWS
AWS IAM CLI
AWS IAM CLI commands for identity and access management.
31 commands
#security
#identity
User Management
List all IAM users
aws iam list-users
Create a new IAM user
aws iam create-user --user-name alice
Delete an IAM user
aws iam delete-user --user-name alice
Get user details
aws iam get-user --user-name alice
Set console password
aws iam create-login-profile --user-name alice --password Pass123!
Rename a user
aws iam update-user --user-name alice --new-user-name bob
Group Management
List all IAM groups
aws iam list-groups
Create a new group
aws iam create-group --group-name developers
Delete a group
aws iam delete-group --group-name developers
Add user to group
aws iam add-user-to-group --user-name alice --group-name developers
Remove user from group
aws iam remove-user-from-group --user-name alice --group-name developers
List groups a user belongs to
aws iam list-groups-for-user --user-name alice
Role Management
List all IAM roles
aws iam list-roles
Create a role
aws iam create-role --role-name myRole --assume-role-policy-document file://trust.json
Delete a role
aws iam delete-role --role-name myRole
Get role details
aws iam get-role --role-name myRole
Attach policy to role
aws iam attach-role-policy --role-name myRole --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
Policy Management
List customer managed policies
aws iam list-policies --scope Local
Create a policy
aws iam create-policy --policy-name myPolicy --policy-document file://policy.json
Delete a policy
aws iam delete-policy --policy-arn arn:aws:iam::123456789012:policy/myPolicy
Get policy details
aws iam get-policy --policy-arn arn:aws:iam::123456789012:policy/myPolicy
Attach policy to user
aws iam attach-user-policy --user-name alice --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
List policies attached to user
aws iam list-attached-user-policies --user-name alice
Access Keys
Create access key for user
aws iam create-access-key --user-name alice
List access keys for user
aws iam list-access-keys --user-name alice
Delete an access key
aws iam delete-access-key --user-name alice --access-key-id AKIAIOSFODNN7EXAMPLE
Deactivate key
aws iam update-access-key --user-name alice --access-key-id AKIAIOSFODNN7EXAMPLE --status Inactive
Check when key was last used
aws iam get-access-key-last-used --access-key-id AKIAIOSFODNN7EXAMPLE
Quick Commands
List all IAM users in the account
aws iam list-users
Create a new IAM user
aws iam create-user --user-name <name>
Attach a managed policy to a user
aws iam attach-user-policy --user-name <name> --policy-arn <arn>