Creating a Group

You can create a group in your account to manage the same set of permissions for a several users.

After creating a group, you need to add users and apply permissions to it. For more information, see Adding or Removing a User from a Group and Managing Policies to Access Your Resources.

Creating a Group Using Cockpit v2

Open the Create EIM Group Window

In the EIM Groups dashboard, click IconAddFull Create EIM Group.
The CREATE EIM GROUP window appears.

Configure Your Group

Choose a Name and a Path

In the Name field, type a name for the group.

This name must be unique and must contain between 1 and 64 characters. Allowed characters are a-z, A-Z, 0-9, and +=,.@-_.
(optional) In the Path field, type a path to indicate where the group is within your organization.

This name must begin and end with a slash (/), and contain between 1 and 512 alphanumeric characters and/or slashes (/), or underscores (_).
Click Next.
The Managed Group Policy screen appears.

Select a Managed Group Policy

From the Managed Group Policy list, select:
- Select one or more existing policies to attach one or more existing policies to the group.
- Create a new managed group policy to attach a new policy to the group.
  1. In the Name field, type a name for the policy.
    
    This name must be unique and must contain between 1 and 128 characters. Allowed characters are a-z, A-Z, 0-9, and +=,.@-_.
  2. From the Permissions list, select:
    
    Full access, to allow all actions for the OUTSCALE API.
    
    Read-only, to give read-only permissions for all actions related to Read API calls, except accessing and reading the root user’s credentials.
    
    Read consumption account, to give the permission to get information about the account consumption only.
    
    Custom policy, to type the policy directly in JSON format. For more information about the JSON structure, grammar, and elements to use for EIM policy documents, see EIM Reference Information.
- Proceed without managed group policy if you want to create a group without attaching any policy.
Click Next.
The EIM User screen appears.

Select a User

From the EIM User list, select:
- Select one or more existing users to add one or more existing users to the group.
- Create one or multiple users to create one or more users and add them to the group.
  1. In the Name field, type a name for the user.
    
    This name must be unique and must contain between 1 and 64 characters. Allowed characters are a-z, A-Z, 0-9, and +=,.@-_.
- Proceed without user if you want to create a group without adding any user.
Click Next.
The Summary screen appears.

Confirm the Group Creation

Review the settings you have specified for the group.
Click Create.
The group is created.

Creating a Group Using OSC CLI

The CreateUserGroup command creates a group to which you can add users.
You can also add an inline policy or link a managed policy to the group, which is applied to all its users.

Request sample

$ osc-cli api CreateUserGroup --profile "default" \
    --Path "/example/" \
    --UserGroupName "example-usergroup"

This command contains the following attributes that you need to specify:

DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
Path: (optional) The path to the group. If not specified, it is set to a slash (/).
UserGroupName: The name of the group.

The CreateUserGroup command returns the following elements:

ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.
UserGroup: Information about the user group.
- CreationDate: The date and time (UTC) of creation of the user group.
- LastModificationDate: The date and time (UTC) of the last modification of the user group.
- Name: The name of the user group.
- Orn: The Outscale Resource Name (ORN) of the user group. For more information, see Resource Identifiers.
- Path: The path to the user group.
- UserGroupId: The ID of the user group.

Result sample

{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "UserGroup": {
    "CreationDate": "2010-10-01T12:34:56.789Z",
    "LastModificationDate": "2010-10-01T12:34:56.789+0000",
    "Name": "example-usergroup",
    "Orn": "orn:ows:idauth::012345678910:usergroup/example/usergroup-example",
    "Path": "/example/",
    "UserGroupId": "ug-12345678"
  }
}

Creating a Group Using oapi-cli

The CreateUserGroup command creates a group to which you can add users.
You can also add an inline policy or link a managed policy to the group, which is applied to all its users.

Request sample

$ oapi-cli --profile "default" CreateUserGroup \
    --Path "/example/" \
    --UserGroupName "example-usergroup"

This command contains the following attributes that you need to specify:

DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
Path: (optional) The path to the group. If not specified, it is set to a slash (/).
UserGroupName: The name of the group.

The CreateUserGroup command returns the following elements:

ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.
UserGroup: Information about the user group.
- CreationDate: The date and time (UTC) of creation of the user group.
- LastModificationDate: The date and time (UTC) of the last modification of the user group.
- Name: The name of the user group.
- Orn: The Outscale Resource Name (ORN) of the user group. For more information, see Resource Identifiers.
- Path: The path to the user group.
- UserGroupId: The ID of the user group.

Result sample

{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "UserGroup": {
    "CreationDate": "2010-10-01T12:34:56.789Z",
    "LastModificationDate": "2010-10-01T12:34:56.789+0000",
    "Name": "example-usergroup",
    "Orn": "orn:ows:idauth::012345678910:usergroup/example/usergroup-example",
    "Path": "/example/",
    "UserGroupId": "ug-12345678"
  }
}

Creating a Group Using AWS CLI

Before you begin: Install and configure AWS CLI. For more information, see Installing and Configuring AWS CLI.

To create a group, use the create-group command following this syntax:

Request sample

$ aws iam create-group \
    --profile YOUR_PROFILE \
    --group-name GROUP_NAME \
    --path NOT_SPECIFIED \
    --endpoint https://eim.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

(optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.
group-name: The name for the group you want to create.

This name must be unique and must contain between 1 and 128 characters. Allowed characters are a-z, A-Z, 0-9, and +=,.@-_.
(optional) path: The path for the group (if you do not specify any value, it is set to a slash /). For more information, see Resource Identifiers.
endpoint: The endpoint corresponding to the Region you want to send the request to. For more information, see Installing and Configuring AWS CLI.

The create-group command returns the following elements:

Group: Information about the newly created group. This element contains the following information:
- Path: The path for the group.
- CreateDate: The date and time of creation of the group.
- GroupId: The ID of the group.
- Arn: The OUTSCALE Resource Name (ORN) of the group. For more information, see Resource Identifiers.
- GroupName: The common name of the group.

Result sample

{
    "Group": {
        "Path": "/",
        "CreateDate": "2016-05-12T06:30:24.165Z",
        "GroupId": "LMGPOKFGVV8K6LEXAMPLE",
        "Arn": "arn:aws:iam::123456789012:group/GROUP_NAME",
        "GroupName": "GROUP_NAME"
    }
}

The group is created in your account.

Related Pages

Corresponding API Method

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.