Automated Deployment of IAM Groups and Roles

Last Updated: September 2020

Author: Ben Potter, Security Lead, Well-Architected


This hands-on lab will guide you through how to use AWS CloudFormation to automatically configure AWS Identity and Access Management (IAM) Groups and roles for cross-account access. You will use the AWS Management Console and AWS CloudFormation to guide you through how to automate the configuration of a new or existing AWS account with IAM best practices. The skills you learn will help you secure your workloads in alignment with the AWS Well-Architected Framework.


  • Fine-grained authorization
  • Automate security best practices


  • An AWS account that you are able to use for testing.
  • Permissions to create resources in IAM.