Remove permission sets in IAM Identity Center - Amazon IAM Identity Center
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Remove permission sets in IAM Identity Center

You can remove a permission set from IAM Identity Center users and groups in the IAM Identity Center console. You can also remove a permission set from an Amazon Web Services account. For more information about permission sets and how they are used in IAM Identity Center, see Manage Amazon Web Services accounts with permission sets.

Note

To use permission sets, you'll need to use an Organization instance of IAM Identity Center. For more information, see Organization and account instances of IAM Identity Center.

Remove permission set from a user
Remove permission set from a user

Use this procedure to remove a permission set from a user with the IAM Identity Center console.

  1. Sign in to the Amazon Web Services Management Console and open the Amazon IAM Identity Center console at https://console.amazonaws.cn/singlesignon/.

  2. Under IAM Identity Center, select Users.

  3. Select the username of the user you want to remove a permission set from.

  4. On the user details page, select the Amazon Web Services accounts tab. Under Amazon Web Services account access, select your Amazon Web Services account.

  5. In the right pane, the applied permissions for the selected user appears. Select the permission set you want to remove. Under Account Access details, select Remove.

  6. A dialog box appears asking if you want to remove this permission set. Select Remove.

    Amazon Web Services accounts tab for an IAM Identity Center user in the IAM Identity Center console.
Remove permission set from a group
Remove permission set from a group

Use this procedure to remove a permission set from a group with the IAM Identity Center console.

  1. Sign in to the Amazon Web Services Management Console and open the Amazon IAM Identity Center console at https://console.amazonaws.cn/singlesignon/.

  2. Under Multi-account permissions, select Amazon Web Services accounts. Select the link to your management account.

    Amazon Web Services accounts tab in the IAM Identity Center console.

  3. Under the Assigned users and groups tab, select the group you want to remove the permission set from and then select Change permission set.

  4. On the Change permission sets page, clear the permission set you want to remove and then select Save changes.

Remove permission set from an Amazon Web Services account

Use this procedure to remove a permission set from the Amazon Web Services account with the IAM Identity Center console.

  1. Sign in to the Amazon Web Services Management Console and open the Amazon IAM Identity Center console at https://console.amazonaws.cn/singlesignon/.

  2. Under Multi-account permissions, select Amazon Web Services accounts. Select the name of the Amazon Web Services account from which you want to remove the permission set.

  3. On the Overview page of the Amazon Web Services account, choose the Permission sets tab. Select the permission set you want to remove. Then select Remove.

  4. In the Remove permission set dialog box, confirm that the correct permission set is selected, type Delete to confirm removal, and then choose Remove access.