I’m new to AWS IAM and I was wondering if there is a best practice for naming groups for development and deployment. I search on the internet for some article that recommends a best practices but couldn’t find one. One naming strategy and example names are:

project_name.role

For example:

my_new_project.deployer <– for users that want to deploy

my_new_project.app <– it will contain policies regarded to the app (if it has to communicate with other services, etc)

Any other suggestion for naming groups?

AWS provides a tagging best practices guide which discusses the naming for tags and resources.

For resources, it recommends a dot notation:

1. account-name prefix: for example, production, development
2. resource-name: free-form field for the logical name of the resource
3. type suffix: for example, subnet, sg, role, policy, kms-key

And gives the following examples:

1. prod.ec2-s3-access.role
2. dr.ec2-s3-access.role