Final answer:
IAM groups are used for admin groupings of users and can hold identity permissions but cannot be used directly for login purposes, including using access keys or a user and password, nor can they be nested within other groups.
Step-by-step explanation:
Identity and Access Management (IAM) groups in AWS are a way to manage permissions for a collection of IAM users. Here are the features relevant to your question:
- Admin groupings of IAM Users: IAM groups allow you to assign permissions to multiple users, making it easier to manage the permissions for those users as a whole rather than individually.
- Can hold Identity Permissions: IAM groups can be attached with policies that grant permissions, defining what actions the users in the group are allowed to perform in the AWS environment.
- Can be used to login (Access Keys): This is not a feature of IAM groups. While IAM users can be assigned access keys for programmatic access, IAM groups do not have login capabilities.
- Can be used to login (User and password): Similar to access keys, this is a feature of IAM users, not groups. Groups cannot login; they are a way to group users together.
- Can be nested: IAM groups cannot be nested within other groups. Each IAM user can be a member of multiple groups, but groups themselves cannot contain other groups.