IAM User Groups - saayam-for-all/docs GitHub Wiki

DevSecOps_Cloud_Engineering

This user group can manage IAM users, access billing, explore cost reports, and work with EKS and Cloud services, and it has near-admin privileges through PowerUserAccess. Its members can also open support cases and use Q Developer tools within AWS.

Developers_Engineering

This user group has read-only access to Cognito, MSK, and RDS, can operate API Gateway, fully manage Lambda, and access S3 in us-east-1 and eu-west-1 only. Regional restrictions are enforced to block actions outside those two regions.

Dev_Database_Engineering

This user group has database admin privileges across RDS and EKS, can manage database-related tasks, and is restricted to operating only within the us-east-1 and eu-west-1 regions. All actions outside those regions are explicitly blocked.

DevSecOps_DevOps_Engineering

This user group has full access to S3, RDS, MSK, EKS, Lambda, CloudFront, API Gateway, Cognito, and ECR, enabling its members to manage containers, databases, and serverless services. All access is restricted to the us-east-1 and eu-west-1 regions only.

DevSecOps_RDSDB_Engineering

This user group has full access to Amazon RDS data, monitoring, and performance insights, enabling its members to manage and analyze RDS instances. All actions are limited to the us-east-1 and eu-west-1 regions due to the applied regional restriction policy.

DevSecOps_Security_Engineering

This user group has access to Amazon Q development tools, full and read-only permissions for security incident response, and audit-level visibility into AWS resources. All activities are strictly confined to the us-east-1 and eu-west-1 regions.

DevSecOps_SREngineering

This user group has permissions to manage EKS clusters, compute, and storage, access Amazon Q developer tools, perform security audits, handle support cases, and manage network resources. All permissions are confined to the us-east-1 and eu-west-1 regions.

Dev_Cognito_Engineering

This user group has read-only access to Amazon Cognito, allowing its members to view user pool and identity details. All actions are restricted to the us-east-1 and eu-west-1 regions only.

Super_Admins

This user group has full administrative control over all AWS services and resources, along with complete access to view and manage billing information.

Admins

This user group has broad access to manage AWS resources (except IAM and billing) through PowerUserAccess, and is restricted to operating only within the us-east-1 and eu-west-1 regions.

If you see other user groups in IAM, they might have been created based on business requirements.

Last Updated: May 13, 2025