This is the multi-page printable view of this section. Click here to print.
Groups are used to share resource access authorizations among a set of users within an account. Users can belong to multiple groups.
This section details tasks that can be performed on groups.
To create a group perform the steps listed in this topic.Enter the following command:
euare-groupcreate -g <group_name>
Eucalyptus does not return anything.
To add a group policy perform the steps listed in this topic.Enter the following command:
euare-groupaddpolicy -g <group_name> -p <policy_name> -e <effect> -a
<actions> -o
The optional -o parameter tells Eucalyptus to return the JSON policy, as in this example:
{"Version":"2008-10-17","Statement":[{"Effect":"Allow", "Action":["ec2:RunInstances"], "Resource":["*"]}]}
To modify a group perform the steps listed in this topic.Modifying a group is similar to a “move” operation. Whoever wants to modify the group must have permission to do it on both sides of the move. That is, you need permission to remove the group from its current path or name, and put that group in the new path or name.
For example, if a group changes from one area in a company to another, you can change the group’s path from /area_abc/ to /area_efg/ . You need permission to remove the group from /area_abc/ . You also need permission to put the group into /area_efg/ . This means you need permission to call UpdateGroup on both arn:aws:iam::123456789012:group/area_abc/* and arn:aws:iam::123456789012:group/area_efg/* .
Enter the following command to modify the group’s name:
euare-groupmod -g <group_name> --new-group-name <new_name>
Eucalyptus does not return a message. Enter the following command to modify a group’s path:
euare-groupmod -g <group_name> -p <new_path>
Eucalyptus does not return a message.
To remove a user from a group perform the steps listed in this topic.Enter the following command:
euare-groupremoveuser -g <group_name> -u <user-name>
To list groups perform the steps listed in this topic.Enter the following command:
euare-grouplistbypath
Eucalyptus returns a list of paths followed by the ARNs for the groups in each path. For example:
arn:aws:iam::eucalyptus:group/groupa
To list policies for a group perform the steps listed in this topic.Enter the following command:
euare-grouplistpolicies -g <group_name>
Eucalyptus returns a listing of all policies associated with the group.
To delete a group perform the steps listed in this topic.When you delete a group, you have to remove users from the group and delete any policies from the group. You can do this with one command, using the euare-groupdel command with the -r option. Or you can follow the following steps to specify who and what you want to delete.
Individually remove all users from the group.
euare-groupremoveuser -g <group_name> -u <user_name>
Delete the policies attached to the group.
euare-groupdelpolicy -g <group_name> -p <policy_name>
Delete the group.
euare-groupdel -g <group_name>
The group is now deleted.