AWS CLI: IAM
Unlocking IAM Management with AWS CLI
Efficiently manage Identity and Access Management (IAM) using the AWS Command Line Interface (CLI). The CLI offers a comprehensive set of commands and options to configure and control IAM resources.
Benefit from flexibility and scalability, managing IAM resources across multiple accounts from a single interface. Ensure secure access through authentication, access keys, and IAM roles. Achieve greater efficiency in user management, permissions assignment, and policy updates. Leverage extensive documentation and community support for guidance.
Limitations
It’s important to note the current limitations when it comes to Effects and Actions. At present, only the following Effects and Actions are supported:
Effect: Allow
Actions:
- s3:ListBucket, s3:ListBucketVersions
- s3:GetObject, s3:GetObjectVersion
- s3:GetBucketObjectLockConfiguration, s3:GetBucketVersioning, s3:GetObjectLegalHold, s3:GetObjectRetention
- s3:DeleteObject, s3:DeleteObjectVersion
- s3:PutObject
List of Supported Operations
Here is the list of IAM CLI operations currently supported by JetBackup Storage:
- Add User to Group
- Attach Group Policy
- Create Access Key
- Create Group
- Create Login Profile
- Create Policy
- Create User
- Delete Group
- Delete Policy
- Delete User
- Delete Access Key
- Detach Group Policy
- Get Group
- Get Policy
- Get Policy Version
- Get User
- List Access Keys
- List Attached Group Policies
- List Groups
- List Groups for User
- List Policies
- List Users
- Remove User from Group
Operations Descriptions and Examples
This section describes each supported operation and gives an example command for it.
Users and Groups management
Users management
- create-user: Create a new user in IAM with the specified parameters.
- create-login-profile: Create a password for an IAM user.
- delete-user: Delete an existing user from IAM.
- list-users: Retrieve a list of all users in IAM.
aws iam create-user --user-name "[email protected]" --endpoint-url https://iam.eu.jetbackup.com/ --profile aws
aws iam create-login-profile --user-name "[email protected]" --password 'Y0urP@Ssw0rd!' --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam delete-user --user-name "[email protected]" --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam list-users --endpoint-url https://iam.eu.jetbackup.com --profile aws
Groups management
- create-group: Create a new group in IAM with the given attributes.
- delete-group: Delete an existing group from IAM.
- list-groups: Retrieve a list of all groups in IAM.
- get-group: Retrieve detailed information about a specific group in IAM.
aws iam create-group --group-name your_group_name --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam delete-group --group-name your_group_name --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam list-groups --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam get-group --group-name your_group_name --endpoint-url https://iam.eu.jetbackup.com --profile aws
Users and groups advanced operations
- add-user-to-group: Add a user to a specific group in IAM.
- remove-user-from-group: Remove a user from a specific group in IAM.
- list-groups-for-user: Retrieve a list of groups associated with a particular user.
aws iam add-user-to-group --user-name "[email protected]" --group-name your_group_name --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam remove-user-from-group --user-name "[email protected]" --group-name your_group_name --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam list-groups-for-user --user-name "[email protected]" --endpoint-url https://iam.eu.jetbackup.com --profile aws
Access Keys management
- create-access-key: Generate a new access key for an IAM user.
- list-access-keys: Retrieve a list of access keys associated with an IAM user.
- delete-access-key: Delete an access key associated with an IAM user.
aws iam create-access-key --user-name "[email protected]" --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam list-access-keys --user-name "[email protected]" --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam delete-access-key --user-name "[email protected]" --access-key-id "your access key id" --endpoint-url https://iam.eu.jetbackup.com --profile aws
Policies management
Policies: basic operations
- create-policy: Create a new policy in IAM with the specified permissions.
When creating a policy, you have two options for specifying the policy document. You can either include the policy directly in the command using the “--policy-document” parameter, or you can create a separate JSON file (e.g., policy.json) containing the policy and use the “--policy-document file://policy.json” format, where file://policy.json is the local path to your policy.json file.
Policy versions are not supported. Please use “--version-id 1” for the get-policy-version subcommand.
Please also be aware of the limitations.
- delete-policy: Delete an existing policy from IAM.
- get-policy-version: Retrieve full information about a specific version of a policy in IAM.
- list-policies: Retrieve a list of all policies in IAM.
- get-policy: Retrieve information about a specific policy in IAM.
aws iam create-policy --policy-name your_policy_name --policy-document '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"], "Resource": ["arn:aws:s3:::bucket_name/*"]}]}' --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam create-policy --policy-name your_policy_name --policy-document file://policy.json --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam delete-policy --policy-arn arn:ipcld:iam::YourCanonicalID:policy/your_policy_name --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam get-policy-version --policy-arn="arn:ipcld:iam::YourCanonicalID:policy/your_policy_name" --version-id 1 --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam list-policies --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam get-policy --policy-arn="arn:ipcld:iam::YourCanonicalID:policy/your_policy_name" --endpoint-url https://iam.eu.jetbackup.com --profile aws
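A pre-flight check for the Limitations section, run on a policy document before it is passed to create-policy. This is an added example, not JetBackup's own code; the function name check_policy, the exact-match handling of action names and the second sample document are assumptions made for illustration.

```python
import json

# Copied from the Limitations section of this page.
SUPPORTED_EFFECTS = {"Allow"}
SUPPORTED_ACTIONS = {
    "s3:ListBucket", "s3:ListBucketVersions",
    "s3:GetObject", "s3:GetObjectVersion",
    "s3:GetBucketObjectLockConfiguration", "s3:GetBucketVersioning",
    "s3:GetObjectLegalHold", "s3:GetObjectRetention",
    "s3:DeleteObject", "s3:DeleteObjectVersion",
    "s3:PutObject",
}

def _as_list(value):
    """IAM JSON accepts a single value where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_policy(policy_json):
    """Return a list of problems; an empty list means the document passes."""
    try:
        doc = json.loads(policy_json)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    statements = _as_list(doc.get("Statement"))
    problems = [] if statements else ["no Statement found"]
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict):
            problems.append(f"Statement[{i}]: not an object")
            continue
        effect = stmt.get("Effect")
        if not isinstance(effect, str) or effect not in SUPPORTED_EFFECTS:
            problems.append(f"Statement[{i}]: Effect {effect!r} is not supported")
        actions = _as_list(stmt.get("Action"))
        if not actions:
            problems.append(f"Statement[{i}]: no Action given")
        # Assumption: exact, case-sensitive match, so wildcards are reported.
        problems += [f"Statement[{i}]: Action {a!r} is not supported" for a in actions
                     if not (isinstance(a, str) and a in SUPPORTED_ACTIONS)]
    return problems

# The policy document from this page's create-policy example.
PAGE_POLICY = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"], "Resource": ["arn:aws:s3:::bucket_name/*"]}]}'
# Constructed sample: a Deny statement with a wildcard action.
CONSTRUCTED_BAD = '{"Version": "2012-10-17", "Statement": {"Effect": "Deny", "Action": "s3:*", "Resource": "*"}}'

if __name__ == "__main__":
    for name, text in (("page", PAGE_POLICY), ("constructed", CONSTRUCTED_BAD)):
        print(name, check_policy(text) or "OK")
```

Running the same check against policy.json in a deployment script catches a Deny statement or an unlisted action before the request reaches the IAM endpoint.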
Policies: advanced operations
- attach-group-policy: Attach a policy to a specific group in IAM.
- detach-group-policy: Detach a policy from a specific group in IAM.
- list-attached-group-policies: Retrieve a list of policies attached to a specific group in IAM.
aws iam attach-group-policy --group-name your_group_name --policy-arn arn:ipcld:iam::YourCanonicalID:policy/your_policy_name --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam detach-group-policy --group-name your_group_name --policy-arn arn:ipcld:iam::YourCanonicalID:policy/your_policy_name --endpoint-url https://iam.eu.jetbackup.com --profile aws
aws iam list-attached-group-policies --group-name your_group_name --endpoint-url https://iam.eu.jetbackup.com --profile aws