Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Delete an IAM group
When you delete an IAM group in the console, the console automatically removes all group
members, detaches all attached managed policies, and deletes all inline policies. However,
because IAM doesn't automatically delete policies that refer to the IAM group as a
resource, you must be careful when you delete an IAM group. Before you delete your
IAM group, manually review your policies to find any policies that mention the group by
name. For example, John, the Test Team manager, has a policy attached to his IAM user entity
that lets him add and remove users from the Test user group. If an administrator deletes the
group, the administrator must also delete the policy attached to John. Otherwise, if the
administrator recreates the deleted group and give it the same name, John's permissions remain
in place, even if he left the Test Team.
In contrast, when you use the CLI, SDK, or API to delete a user group, you remove the users
in the group first. Then you delete any inline policies embedded in the IAM group. Next, you
detach any managed policies that are attached to the group. Then you delete the IAM group
itself.
- classic IAM console
-
Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/.
-
In the navigation pane, choose User groups.
-
In the list of IAM groups, select the check box next to the names of the
IAM groups to delete. You can use the search box to filter the list of
IAM groups by type, permissions, and group name.
-
Choose Delete.
-
In the confirmation box, if you want to delete a single group, type the group name
and choose Delete. If you want to delete multiple groups, type
the number of IAM group to delete followed by user groups
and choose Delete. For example, if you want to delete three
groups, type 3 user groups
.
- Amazon CLI
-
-
Remove all users from the IAM group.
-
Delete all inline policies embedded in the IAM group.
-
Detach all managed policies attached to the IAM group.
-
Delete the IAM group.
- API
-
-
Remove all users from the IAM group.
-
Delete all inline policies embedded in the IAM group.
-
Detach all managed policies attached to the IAM group.
-
Delete the IAM group.