AWS IAM Groups naming strategy


I’m new to AWS IAM and I was wondering if there is a best practice for naming groups for development and deployment. I search on the internet for some article that recommends a best practices but couldn’t find one. One naming strategy and example names are:


For example:

my_new_project.deployer <– for users that want to deploy <– it will contain policies regarded to the app (if it has to communicate with other services, etc)

Any other suggestion for naming groups?


AWS provides a tagging best practices guide which discusses the naming for tags and resources.

For resources, it recommends a dot notation:

  1. account-name prefix: for example, production, development
  2. resource-name: free-form field for the logical name of the resource
  3. type suffix: for example, subnet, sg, role, policy, kms-key

And gives the following examples:

  1. prod.ec2-s3-access.role
  2. dr.ec2-s3-access.role

Leave a Reply