Within the IAM service a GROUP is regarded as a:
A collection of AWS accounts
It’s the group of EC2 machines that gain the permissions specified in the GROUP.
There’s no GROUP in IAM, but only USERS and RESOURCES.
A collection of users.
Use groups to assign permissions to IAM users
Instead of defining permissions for individual IAM users, it’s usually more convenient to create groups that
relate to job functions (administrators, developers, accounting, etc.), define the relevant permissions for each
group, and then assign IAM users to those groups. All the users in an IAM group inherit the permissions
assigned to the group. That way, you can make changes for everyone in a group in just one place. As people
move around in your company, you can simply change what IAM group their IAM user belongs to.