Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Use DetachUserPolicy
with an Amazon SDK or CLI
The following code examples show how to use DetachUserPolicy
.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in
context in the following code example:
- CLI
-
- Amazon CLI
-
To detach a policy from a user
This example removes the managed policy with the ARN arn:aws:iam::123456789012:policy/TesterPolicy
from the user Bob
.
aws iam detach-user-policy \
--user-name Bob
\
--policy-arn arn:aws:iam::123456789012:policy/TesterPolicy
This command produces no output.
For more information, see Changing permissions for an IAM user in the Amazon IAM User Guide.
- PowerShell
-
- Tools for PowerShell
-
Example 1: This example detaches the managed policy whose ARN is arn:aws:iam::123456789012:policy/TesterPolicy
from the IAM user named Bob
.
Unregister-IAMUserPolicy -UserName Bob -PolicyArn arn:aws:iam::123456789012:policy/TesterPolicy
Example 2: This example finds all the managed policies that are attached to the IAM user named Theresa
and detaches those policies from the user.
Get-IAMAttachedUserPolicyList -UserName Theresa | Unregister-IAMUserPolicy -Username Theresa
- Python
-
- SDK for Python (Boto3)
-
def detach_policy(user_name, policy_arn):
"""
Detaches a policy from a user.
:param user_name: The name of the user.
:param policy_arn: The Amazon Resource Name (ARN) of the policy.
"""
try:
iam.User(user_name).detach_policy(PolicyArn=policy_arn)
logger.info("Detached policy %s from user %s.", policy_arn, user_name)
except ClientError:
logger.exception(
"Couldn't detach policy %s from user %s.", policy_arn, user_name
)
raise
- Ruby
-
- SDK for Ruby
-
# Detaches a policy from a user
#
# @param user_name [String] The name of the user
# @param policy_arn [String] The ARN of the policy to detach
# @return [Boolean] true if the policy was successfully detached, false otherwise
def detach_user_policy(user_name, policy_arn)
@iam_client.detach_user_policy(
user_name: user_name,
policy_arn: policy_arn
)
@logger.info("Policy '#{policy_arn}' detached from user '#{user_name}' successfully.")
true
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Error detaching policy: Policy or user does not exist.")
false
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from user '#{user_name}': #{e.message}")
false
end
- Rust
-
- SDK for Rust
-
pub async fn detach_user_policy(
client: &iamClient,
user_name: &str,
policy_arn: &str,
) -> Result<(), iamError> {
client
.detach_user_policy()
.user_name(user_name)
.policy_arn(policy_arn)
.send()
.await?;
Ok(())
}
For a complete list of Amazon SDK developer guides and code examples, see
Using this service with an Amazon SDK.
This topic also includes information about getting started and details about previous SDK versions.