You might delete an IAM user from your account if someone quits your company. If the user is only temporarily unavailable, you can disable the user's credentials instead of deleting the user entirely from the AWS account. That way, you can prevent the user from accessing the AWS account's resources during the absence but you can re-enable the user later. For more information about disabling credentials, see Administering Access Keys for IAM Users.
After you delete a user, any residual references to that user in other services (for example, in an Amazon SQS policy) display the unique ID in the user's ARN instead of the user's friendly name. If you've stored the unique ID in your own system, you can then use the displayed unique ID to identify the deleted user being referred to.
For information about the permissions that you need in order to delete a user, see Permissions for Administering IAM Users, Groups, and Credentials.
When you use the AWS Management Console to delete an IAM user, IAM deletes the following information:
Any group memberships—that is, the user is removed from any IAM groups that the user was a member of.
Any password associated with the user
Any access keys belonging to the user
All policies attached to the user (policies that are applied to a user via group permissions are not affected)
Any signing certificates belonging to the user
Any associated MFA device
To use the AWS Management Console to delete a user
Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
In the navigation pane, click Users, and then select the user name.
From the User Actions list, select Delete User.
Click Yes, Delete.
To delete a user from your account using the CLI or API, follow these steps:
Delete the user's keys and certificates. This helps ensure that the user can't access your AWS account's resources anymore. Note that when you delete a security credential, it's gone forever and can't be retrieved.
Delete the user's password, if the user has one.
aws iam delete-login-profile
Deactivate the user's MFA device, if the user has one.
aws iam deactivate-mfa-device
Delete any policies that were attached to the user.
Get a list of any groups the user was in, and delete the user from those groups.
Delete the user.
aws iam delete-user
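The CLI steps above combined into one script, added here as an example and not part of the original AWS documentation. The function names delete_iam_user and iam_list are hypothetical; the script covers only the items this page lists and assumes an installed AWS CLI running with the permissions referenced earlier.

```shell
#!/bin/sh
# Added example: remove an IAM user's credentials, policies and group
# memberships in the order of the steps above, then delete the user.

# Print one field of a list-* call, one value per line.
# The CLI's text output prints "None" for a null result, so that is filtered out.
iam_list() {  # usage: iam_list <jmespath-query> <list-subcommand> <user-name>
  aws iam "$2" --user-name "$3" --query "$1" --output text \
    | tr '\t' '\n' | grep -v '^None$' || true
}

delete_iam_user() {
  local user="$1" id
  [ -n "$user" ] || { echo "usage: delete_iam_user <user-name>" >&2; return 2; }

  # Step 1: access keys and signing certificates (cannot be recovered afterwards).
  for id in $(iam_list 'AccessKeyMetadata[].AccessKeyId' list-access-keys "$user"); do
    aws iam delete-access-key --user-name "$user" --access-key-id "$id" || return 1
  done
  for id in $(iam_list 'Certificates[].CertificateId' list-signing-certificates "$user"); do
    aws iam delete-signing-certificate --user-name "$user" --certificate-id "$id" || return 1
  done

  # Step 2: password, if the user has one. The call fails when there is none,
  # so the error is ignored; a password left behind makes delete-user fail later.
  aws iam delete-login-profile --user-name "$user" 2>/dev/null || true

  # Step 3: MFA devices.
  for id in $(iam_list 'MFADevices[].SerialNumber' list-mfa-devices "$user"); do
    aws iam deactivate-mfa-device --user-name "$user" --serial-number "$id" || return 1
  done

  # Step 4: policies attached directly to the user.
  for id in $(iam_list 'PolicyNames[]' list-user-policies "$user"); do
    aws iam delete-user-policy --user-name "$user" --policy-name "$id" || return 1
  done

  # Step 5: group memberships.
  for id in $(iam_list 'Groups[].GroupName' list-groups-for-user "$user"); do
    aws iam remove-user-from-group --user-name "$user" --group-name "$id" || return 1
  done

  # Step 6: the user itself.
  aws iam delete-user --user-name "$user"
}
```

Source the file and call delete_iam_user with the user name. Any failed deletion stops the function before the final delete-user call, so a partially cleaned-up user is left in place for inspection.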