Groups

1: Create a Group

2: Add a Group Policy

3: Modify a Group

4: Add a User to a Group

5: Remove a User from a Group

6: List Groups

7: Delete a Group

Groups

Groups are used to share resource access authorizations among a set of users within an account. Users can belong to multiple groups.

Note

A group in the context of access is not the same as a security group.

This section details tasks that can be performed on groups.

1 - Create a Group

To create a group perform the steps listed in this topic.Enter the following command:

euare-groupcreate -g <group_name>

Eucalyptus does not return anything.

2 - Add a Group Policy

To add a group policy perform the steps listed in this topic.Enter the following command:

euare-groupaddpolicy -g <group_name> -p <policy_name> -e <effect> -a
							<actions> -o

The optional -o parameter tells Eucalyptus to return the JSON policy, as in this example:

{"Version":"2008-10-17","Statement":[{"Effect":"Allow", "Action":["ec2:RunInstances"], "Resource":["*"]}]}

3 - Modify a Group

To modify a group perform the steps listed in this topic.Modifying a group is similar to a “move” operation. Whoever wants to modify the group must have permission to do it on both sides of the move. That is, you need permission to remove the group from its current path or name, and put that group in the new path or name.

For example, if a group changes from one area in a company to another, you can change the group’s path from /area_abc/ to /area_efg/ . You need permission to remove the group from /area_abc/ . You also need permission to put the group into /area_efg/ . This means you need permission to call UpdateGroup on both arn:aws:iam::123456789012:group/area_abc/* and arn:aws:iam::123456789012:group/area_efg/* .

Enter the following command to modify the group’s name:

euare-groupmod -g <group_name> --new-group-name <new_name>

Eucalyptus does not return a message. Enter the following command to modify a group’s path:

euare-groupmod -g <group_name> -p <new_path>

Eucalyptus does not return a message.

4 - Add a User to a Group

To add a user to a group perform the steps listed in this topic.Enter the following command:

euare-groupadduser -g <group_name> -u <user-name>

5 - Remove a User from a Group

To remove a user from a group perform the steps listed in this topic.Enter the following command:

euare-groupremoveuser -g <group_name> -u <user-name>

6 - List Groups

To list groups perform the steps listed in this topic.Enter the following command:

euare-grouplistbypath

Eucalyptus returns a list of paths followed by the ARNs for the groups in each path. For example:

arn:aws:iam::eucalyptus:group/groupa

7 - Delete a Group

To delete a group perform the steps listed in this topic.When you delete a group, you have to remove users from the group and delete any policies from the group. You can do this with one command, using the euare-groupdel command with the -r option. Or you can follow the following steps to specify who and what you want to delete.

Individually remove all users from the group.

euare-groupremoveuser -g <group_name> -u <user_name>

Delete the policies attached to the group.

euare-groupdelpolicy -g <group_name> -p <policy_name>

Delete the group.

euare-groupdel -g <group_name>

The group is now deleted.