Resource Type: AWS > IAM > Group
The IAM Group resource type is part of the AWS Identity and Access Management (IAM) service. Each IAM Group resource is a collection of IAM users and is used to manage permissions for multiple users.
Resource Context
Group is a part of the IAM service.
Each Group lives under an Account.
Each Group may have children of these types:Controls
The primary controls for AWS > IAM > Group are:
It is also targeted by these controls:
- AWS > HIPAA > IAM > IAM groups should have at least one user
- AWS > HIPAA > IAM > KMS key decryption should be restricted in IAM inline policy
- AWS > IAM > Group > Group Policy Attachments > Discovery
- AWS > IAM > Group > Inline Policy > Discovery
- AWS > NIST 800-53 > IAM > IAM groups should have at least one user
- AWS > NIST 800-53 > IAM > IAM groups, users, and roles should not have any inline policies
- AWS > Turbot > IAM > Group > Managed
Quick Actions
- Delete from AWS
- Skip alarm for Active control
- Skip alarm for Active control [90 days]
- Skip alarm for Approved control
- Skip alarm for Approved control [90 days]
Category
In Your Workspace
- Controls by Resource Type report
- Policy Settings by Resource Type report
- Resources by Resource Type report
Developers
- tmod:@turbot/aws-iam#/resource/types/group
- tmod:@turbot/turbot#/resource/categories/iam
- turbot graphql resource --id "tmod:@turbot/aws-iam#/resource/types/group"
Get Resource- select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/group';
- select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/aws-iam#/resource/types/group"';
- select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/group' and notification_type in ('resource_updated', 'resource_created');
Get ResourceGet Policy Settings (By Resource ID)Get Resource Notification
Resource Type URI
Category URI
GraphQL
CLI
Steampipe Query