Within the IAM service a GROUP is regarded as a:
A collection of AWS accounts
It’s the group of EC2 machines that gain the permissions specified in the GROUP.
There’s no GROUP in IAM, but only USERS and RESOURCES.
A collection of users.
Use groups to assign permissions to IAM users
Instead of defining permissions for individual IAM users, it’s usually more convenient to create
groups that relate to job functions (administrators, developers, accounting, etc.), define the
relevant permissions for each group, and then assign IAM users to those groups. All the users
in an IAM group inherit the permissions assigned to the group. That way, you can make
changes for everyone in a group in just one place. As people move around in your company,
you can simply change what IAM group their IAM user belongs to.