Package software.amazon.awscdk.services.iam

Class Group

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.Resource
software.amazon.awscdk.services.iam.Group
All Implemented Interfaces:
IEnvironmentAware, IResource, IGrantable, IGroup, IGroupRef, IIdentity, IPrincipal, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.118.0 (build 02eec31)", date="2025-11-04T09:27:42.936Z") @Stability(Stable) public class Group extends Resource implements IGroup
An IAM Group (collection of IAM users) lets you specify permissions for multiple users, which can make it easier to manage permissions for those users.

Example: 

 User user = new User(this, "MyUser"); // or User.fromUserName(this, 'User', 'johnsmith');
 Group group = new Group(this, "MyGroup"); // or Group.fromGroupArn(this, 'Group', 'arn:aws:iam::account-id:group/group-name');
 user.addToGroup(group);
 // or
 group.addUser(user);

See Also:

  • Field Details

    • PROPERTY_INJECTION_ID

      @Stability(Stable) public static final String PROPERTY_INJECTION_ID
      Uniquely identifies this class.

  • Constructor Details

    • Group

      protected Group(software.amazon.jsii.JsiiObjectRef objRef)

    • Group

      protected Group(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • Group

      @Stability(Stable) public Group(@NotNull software.constructs.Construct scope, @NotNull String id, @Nullable GroupProps props)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      props -

    • Group

      @Stability(Stable) public Group(@NotNull software.constructs.Construct scope, @NotNull String id)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.

  • Method Details

    • fromGroupArn

      @Stability(Stable) @NotNull public static IGroup fromGroupArn(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String groupArn)
      Import an external group by ARN.

      If the imported Group ARN is a Token (such as a CfnParameter.valueAsString or a Fn.importValue()) and the referenced group has a path (like arn:...:group/AdminGroup/NetworkAdmin), the groupName property will not resolve to the correct value. Instead it will resolve to the first path component. We unfortunately cannot express the correct calculation of the full path name as a CloudFormation expression. In this scenario the Group ARN should be supplied without the path in order to resolve the correct group resource.

      Parameters:
      scope - construct scope. This parameter is required.
      id - construct id. This parameter is required.
      groupArn - the ARN of the group to import (e.g. arn:aws:iam::account-id:group/group-name). This parameter is required.

    • fromGroupName

      @Stability(Stable) @NotNull public static IGroup fromGroupName(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String groupName)
      Import an existing group by given name (with path).

      This method has same caveats of fromGroupArn

      Parameters:
      scope - construct scope. This parameter is required.
      id - construct id. This parameter is required.
      groupName - the groupName (path included) of the existing group to import. This parameter is required.

    • addManagedPolicy

      @Stability(Stable) public void addManagedPolicy(@NotNull IManagedPolicy policy)
      Attaches a managed policy to this group.

      See [IAM and AWS STS quotas, name requirements, and character limits] (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entities) for quota of managed policies attached to an IAM group.

      Specified by:
      addManagedPolicy in interface IIdentity
      Parameters:
      policy - The managed policy to attach. This parameter is required.

    • addToPolicy

      @Stability(Stable) @NotNull public Boolean addToPolicy(@NotNull PolicyStatement statement)
      Add to the policy of this principal.

      Parameters:
      statement - This parameter is required.

    • addToPrincipalPolicy

      @Stability(Stable) @NotNull public AddToPrincipalPolicyResult addToPrincipalPolicy(@NotNull PolicyStatement statement)
      Adds an IAM statement to the default policy.

      Specified by:
      addToPrincipalPolicy in interface IPrincipal
      Parameters:
      statement - This parameter is required.

    • addUser

      @Stability(Stable) public void addUser(@NotNull IUser user)
      Adds a user to this group.

      Parameters:
      user - This parameter is required.

    • attachInlinePolicy

      @Stability(Stable) public void attachInlinePolicy(@NotNull Policy policy)
      Attaches a policy to this group.

      Specified by:
      attachInlinePolicy in interface IIdentity
      Parameters:
      policy - The policy to attach. This parameter is required.

    • getAssumeRoleAction

      @Stability(Stable) @NotNull public String getAssumeRoleAction()
      When this Principal is used in an AssumeRole policy, the action to use.
      Specified by:
      getAssumeRoleAction in interface IPrincipal

    • getGrantPrincipal

      @Stability(Stable) @NotNull public IPrincipal getGrantPrincipal()
      The principal to grant permissions to.
      Specified by:
      getGrantPrincipal in interface IGrantable

    • getGroupArn

      @Stability(Stable) @NotNull public String getGroupArn()
      Returns the IAM Group ARN.
      Specified by:
      getGroupArn in interface IGroup

    • getGroupName

      @Stability(Stable) @NotNull public String getGroupName()
      Returns the IAM Group Name.
      Specified by:
      getGroupName in interface IGroup

    • getGroupRef

      @Stability(Stable) @NotNull public GroupReference getGroupRef()
      A reference to a Group resource.
      Specified by:
      getGroupRef in interface IGroupRef

    • getPolicyFragment

      @Stability(Stable) @NotNull public PrincipalPolicyFragment getPolicyFragment()
      Return the policy fragment that identifies this principal in a Policy.
      Specified by:
      getPolicyFragment in interface IPrincipal

    • getPrincipalAccount

      @Stability(Stable) @Nullable public String getPrincipalAccount()
      The AWS account ID of this principal.

      Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.

      Specified by:
      getPrincipalAccount in interface IPrincipal