Revoke Temporary delegation access - Amazon Identity and Access Management
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Revoke Temporary delegation access

Although product provider access sessions are designed to expire automatically after their approved duration, you may need to terminate access immediately in certain situations. Revoking active product provider access provides an emergency control mechanism when security concerns arise, when the product provider's work is completed early, or when business requirements change. Both request initiators and administrators can revoke access to maintain security and operational control.

To revoke temporary delegation access

  1. Sign in to the Amazon Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane on the left, choose Temporary delegation requests.

  3. Locate the request ID for the access session you want to revoke.

  4. Choose Actions and then choose Revoke access.

  5. In the dialog, choose Revoke access to confirm that you want to immediately terminate the access session.

After revoking access, the product provider will no longer be able to access your Amazon resources. The revocation is logged in Amazon CloudTrail for audit purposes.

Important

Revoking access immediately terminates the product provider access session. Any ongoing work or processes using the access will be interrupted. Ensure that revocation won't disrupt critical operations.

Note

You cannot revoke access for requests that were approved using a root user. Amazon recommends that you avoid using a root user to approve delegation requests. Use an IAM role with appropriate permissions instead.