AWS Identity and Access Management
Using IAM (API Version 2010-05-08)

Deleting an IAM Group

You might want to delete a group that you no longer need. When you use the AWS Management Console to delete a group, IAM deletes the group and any associated policies, but leaves the users intact. If you use the IAM CLI or API to remove the group, you must remove the users and policies before you can remove the group.

AWS Management Console

When you use the console to remove a group, IAM removes any policies associated with the group, and it removes the group. Users are removed from the group, and permissions the users had because they belonged to the group will no longer apply to them.

To use the AWS Management Console to delete a group

  1. In the navigation pane, click Groups, and then select the group name.

  2. From the Group Actions list, select Delete Group.

  3. Review your changes, and then click Yes, Delete.

Command Line Interface or API

The following diagram and table describe the general process for deleting a group.

Flow for deleting a group

Process for Deleting a Group from Your AWS Account

  1. Remove all users from the group.

  2. Delete all policies attached to the group.

  3. Delete the group.


How you actually execute the tasks in the preceding table depends on which interface you're using to access IAM. The interface-specific details are covered in the sections that follow.

Command Line Interface

If you're using the command line interface to access IAM, you can use a separate command for each of the tasks involved in deleting a group from your AWS account. Or, optionally, you can recursively delete the group and any attached policies by specifying an option with the command. The following table lists the commands to use. For more information about the commands, go to the AWS Identity and Access Management Command Line Interface Reference.

Process for Deleting a Group from Your AWS Account

  1. Individually remove all users from the group: iam-groupremoveuser

  2. Delete the policies attached to the group: iam-groupdelpolicy

  3. Delete the group: iam-groupdel

    This command works only when the users have been removed from the group, and when the policies are no longer attached. If you want to delete the group and all attached policies without first removing the users and policies, use iam-groupdel with the -r option. For more information about this command, go to the AWS Identity and Access Management Command Line Interface Reference.


API

If you're programmatically accessing IAM, you use a separate API call for each of the tasks involved in deleting a group. The following table lists the API actions to use. Before deleting the group, you must remove all users from the group and delete any policies attached to it.

Process for Deleting a Group from Your AWS Account

  1. Remove all users from the group: GetGroup (to get the list of users in the group), and RemoveUserFromGroup

  2. Delete all policies attached to the group: ListGroupPolicies (to get a list of the group's policies), and DeleteGroupPolicy

  3. Delete the group: DeleteGroup


For more information about the actions, go to the AWS Identity and Access Management API Reference, or refer to your SDK's documentation.
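
The three API steps above as one routine, added here as an example and not part of the AWS guide. It assumes a boto3-style Python client whose methods correspond to the API actions named in the table; `delete_group`, `_paged` and the `--apply` argument are illustrative names. It defaults to a dry run so the users who will lose group-derived permissions can be reviewed and logged before anything changes.

```python
"""Dry-run-capable IAM group deletion following the three API steps above.

Assumption: `iam` is a boto3-style IAM client (e.g. boto3.client("iam"))
whose method names map to the API actions named on this page.
"""


def _paged(call, key, **kwargs):
    """Yield every item under `key`, following IsTruncated/Marker pagination."""
    while True:
        resp = call(**kwargs)
        yield from resp.get(key, [])
        if not resp.get("IsTruncated"):
            return
        kwargs["Marker"] = resp["Marker"]


def delete_group(iam, group_name, dry_run=True):
    """Remove users, delete the group's policies, then delete the group.

    Returns a record of what was (or, with dry_run, would be) removed so the
    change can be reviewed and logged. Nothing is modified when dry_run=True.
    """
    # Snapshot membership and policies first: mutating while paginating
    # can skip entries.
    users = [u["UserName"] for u in _paged(iam.get_group, "Users", GroupName=group_name)]
    policies = list(_paged(iam.list_group_policies, "PolicyNames", GroupName=group_name))
    record = {"group": group_name, "users": users, "policies": policies, "deleted": False}
    if dry_run:
        return record

    for user in users:        # step 1: RemoveUserFromGroup
        iam.remove_user_from_group(GroupName=group_name, UserName=user)
    for policy in policies:   # step 2: DeleteGroupPolicy
        iam.delete_group_policy(GroupName=group_name, PolicyName=policy)
    iam.delete_group(GroupName=group_name)  # step 3: DeleteGroup
    record["deleted"] = True
    return record


if __name__ == "__main__":
    import sys
    import boto3  # assumption: boto3 installed and credentials configured

    # Dry run by default; pass --apply as the second argument to delete.
    apply = len(sys.argv) > 2 and sys.argv[2] == "--apply"
    print(delete_group(boto3.client("iam"), sys.argv[1], dry_run=not apply))
```

The returned record lists every user removed from the group, which is the set of principals whose effective permissions changed.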