IAM Group
Overview
This Terraform module provisions a basic AWS IAM Group, providing a foundational building block for role-based access control (RBAC) across AWS environments.
Key Features
- Creates an IAM group with a custom name and optional path
- Supports standard environment and naming tags
- Useful for RBAC and grouping users under shared access policies
- Easily integrates with higher-level IAM policy management
Use Cases
- Group users by role (e.g., Admins, Developers, Auditors)
- Apply shared IAM policies to groups rather than individuals
- Integrate into larger identity management strategies
- Serve as the base layer for Level 2 policy bundles
Input Variables
| Name | Type | Description |
|---|---|---|
| region | string | AWS region for the deployment |
| group_name | string | Name to assign to the IAM group |
| group_path | string | (Optional) Path for grouping the IAM group in AWS Console hierarchy |
| environment | string | Environment tag for resource visibility (e.g., dev, staging, prod) |
Outputs
| Name | Description |
|---|---|
| group_name | The name of the IAM group |
| group_arn | The ARN (Amazon Resource Name) of the group |
Deployment Readiness
- Compatible with Terraform 1.0+
- Requires AWS Provider 5.x+
- IAM permissions required: `iam:CreateGroup`, `iam:TagGroup`, `iam:GetGroup`
Example Usage
```hcl
module "iam_group_deployment" {
  source = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//identity/iam-group?ref=v1.0.0"

  region      = "us-east-1"
  group_name  = "archiphire-admins"
  group_path  = "/teams/"
  environment = "prod"
}
```
```bash
terraform init
terraform plan
terraform apply
```
or
```bash
tofu init
tofu plan
tofu apply
```
Cleanup
Terraform Destroy:
```bash
terraform destroy
```
or
```bash
tofu destroy
```
Manual Deletion (for Production):
If the group has users or attached policies, delete via the AWS Console or:
```bash
aws iam delete-group --group-name archiphire-admins
```
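`aws iam delete-group` succeeds only when the group has no members and no inline or attached policies, so the CLI path has to empty the group first. The function below is an added example, not part of the Archiphire module; the name `empty_and_delete_group` is hypothetical, and it assumes AWS CLI credentials that may call the IAM actions it uses.

```bash
# Added example (not module code): empty an IAM group, then delete it.
# Assumes the AWS CLI is installed and the caller may run the iam actions below.
# Usage: empty_and_delete_group archiphire-admins
empty_and_delete_group() {
  local group="$1" users arns names item
  if [ -z "$group" ]; then
    echo "usage: empty_and_delete_group GROUP_NAME" >&2
    return 2
  fi

  # 1. Remove every member. Any failure aborts so a half-emptied group is noticed.
  users=$(aws iam get-group --group-name "$group" \
    --query 'Users[].UserName' --output text) || return 1
  for item in $users; do
    aws iam remove-user-from-group --group-name "$group" --user-name "$item" || return 1
  done

  # 2. Detach managed policies (the policies themselves are left in place).
  arns=$(aws iam list-attached-group-policies --group-name "$group" \
    --query 'AttachedPolicies[].PolicyArn' --output text) || return 1
  for item in $arns; do
    aws iam detach-group-policy --group-name "$group" --policy-arn "$item" || return 1
  done

  # 3. Delete inline policies, which exist only inside the group.
  names=$(aws iam list-group-policies --group-name "$group" \
    --query 'PolicyNames[]' --output text) || return 1
  for item in $names; do
    aws iam delete-group-policy --group-name "$group" --policy-name "$item" || return 1
  done

  # 4. The group is now empty and can be deleted.
  aws iam delete-group --group-name "$group"
}
```

Removing members revokes every permission they held through the group, so review the `get-group` output before running this against a production group.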
Notes
This is a Level 1 identity module designed for IAM group creation.
It can be paired with IAM policy modules or rolled into Level 2 access control bundles for full permission management.
Deployment Package Notice
This module is part of the Level 1 AWS License Tier.
To access the full deployment package and source code, subscribe to Archiphire.