Delete IAM policies (Amazon CLI)
You can use the Amazon Command Line Interface (Amazon CLI) to delete customer managed policies and inline policies in IAM. The number and size of IAM resources in an Amazon account are limited. For more information, see IAM and Amazon STS quotas.
Note
Deletion of IAM policies is permanent. After a policy is deleted, it cannot be recovered.
For more information about IAM policy structure and syntax, see Policies and permissions in Amazon Identity and Access Management and the IAM JSON policy element reference.
For more information about the difference between managed and inline policies, see Managed policies and inline policies.
Prerequisites
Before you delete a policy, you should review its recent service-level activity. This is important because you don't want to remove access from a principal (person or application) who is using it. For more information about viewing last accessed information, see Refine permissions in Amazon using last accessed information.
Deleting customer managed policies (Amazon CLI)
You can delete a customer managed policy from the Amazon Command Line Interface.
To delete a customer managed policy (Amazon CLI)
- (Optional) To view information about a policy, run the following commands:
  - To list managed policies: list-policies
  - To retrieve detailed information about a managed policy: get-policy
- (Optional) To find out about the relationships between the policies and identities, run the following commands:
  - To list the identities (IAM users, IAM groups, and IAM roles) to which a managed policy is attached, run the following command:
  - To list the managed policies attached to an identity (a user, user group, or role), run one of the following commands:
- To delete a customer managed policy, run the following command:
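The check-then-delete sequence from the steps above, written as a shell guard (an added example, not part of the original documentation; the function names and the ARN in the usage comment are constructed). It refuses to delete a customer managed policy that is still attached to any identity, and removes non-default versions first because delete-policy fails while they exist.

```shell
#!/bin/sh
# Added example: guard around "aws iam delete-policy".
# Usage (constructed ARN):
#   safe_delete_policy arn:aws-cn:iam::111122223333:policy/ExamplePolicy

# Print every user, group and role the managed policy is attached to.
policy_attachments() {
    aws iam list-entities-for-policy --policy-arn "$1" \
        --query '[PolicyUsers[].UserName, PolicyGroups[].GroupName, PolicyRoles[].RoleName][]' \
        --output text
}

# Print the IDs of all non-default versions of the policy.
policy_old_versions() {
    aws iam list-policy-versions --policy-arn "$1" \
        --query 'Versions[?IsDefaultVersion==`false`].VersionId' \
        --output text
}

# Delete the policy only when nothing is attached to it.
# Returns 2 if it is still attached, 1 if an AWS call fails.
safe_delete_policy() {
    arn=$1
    attached=$(policy_attachments "$arn") || return 1
    if [ -n "$attached" ] && [ "$attached" != "None" ]; then
        echo "refusing to delete $arn, still attached to: $attached" >&2
        return 2
    fi
    # Deletion is permanent, so everything above must pass first.
    for v in $(policy_old_versions "$arn"); do
        [ "$v" = "None" ] && continue
        aws iam delete-policy-version --policy-arn "$arn" --version-id "$v" || return 1
    done
    aws iam delete-policy --policy-arn "$arn"
}
```

A return code of 2 means the policy must be detached from the listed identities before the deletion is retried.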
Deleting inline policies (Amazon CLI)
You can delete an inline policy from the Amazon CLI.
To delete an inline policy (Amazon CLI)
- (Optional) To list all inline policies that are attached to an identity (user, user group, role), use one of the following commands:
- (Optional) To retrieve an inline policy document that is embedded in an identity (user, user group, or role), use one of the following commands:
- To delete an inline policy from an identity (user, user group, or role that is not a service-linked role), use one of the following commands: