If you are not using a role, delete the role and its associated permissions so that you don’t have an unused entity that is not actively monitored or maintained.
You can also remove roles from instance profiles.
Make sure you do not have any Amazon EC2 instances running with the role or instance profile you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance.
When you use the AWS Management Console to delete a role, IAM also automatically deletes the policies associated with the role, and the instance profile that contains the role.
To delete a role (console)
1. In the navigation pane of the IAM Dashboard, click Roles.
2. Select the role you want to delete.
3. From the Role Actions list, select Delete Role.
4. Review your changes, and then click Yes, Delete.
You cannot use the console to delete an instance profile, except when you delete it as part of the process of deleting a role as described in the preceding procedure. To delete an instance profile without also deleting the role, you must use the CLI or API. For information about using the CLI or API to remove a role from an instance profile, see Delete a Role (CLI and API).
When you use the IAM CLI or API to delete a role, you must first delete the policies associated with the role. Also, if you want to delete the associated instance profile that contains the role, you must delete it separately.
To delete a role (CLI)
1. If you don't know the name of the role that you want to delete, list the roles in your account by entering the following command:
     aws iam list-roles
   A list of roles with their Amazon Resource Name (ARN) is displayed. Use the role name, not the ARN, to refer to roles with the CLI commands. For example, if a role had the following ARN: arn:aws:iam::123456789012:role/myrole, you refer to the role as
2. Remove the role from all instance profiles that the role is in.
   a. List all instance profiles that the role is associated with by entering the following command:
        aws iam list-instance-profiles-for-role --role-name
   b. To remove the role from an instance profile, enter the following command for each instance profile:
        aws iam remove-role-from-instance-profile --instance-profile-name
3. Delete all policies that are associated with the role.
   a. List all policies that are in the role by entering the following command:
        aws iam list-role-policies --role-name
   b. To delete each policy from the role, enter the following command for each policy:
        aws iam delete-role-policy --role-name
4. Delete the role by entering the following command:
     aws iam delete-role --role-name
5. If you are not using the instance profiles that were associated with the role, you can delete them by entering the following command:
     aws iam delete-instance-profile --instance-profile-name
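The CLI steps above combined into one shell function, as an added example that is not AWS's own script. It goes beyond the listed steps in two ways: it first checks (in the CLI's configured region only) that no running EC2 instance uses the role's instance profiles, and it detaches managed policies. The function name `delete_iam_role` and the `--delete-profiles` option are made up for this example.

```sh
# Added example (not AWS's own script): delete an IAM role in the order the
# steps above require. delete_iam_role and --delete-profiles are made-up names.
delete_iam_role() {
    role="$1"; opt="${2:-}"
    [ -n "$role" ] || { echo "usage: delete_iam_role ROLE [--delete-profiles]" >&2; return 2; }
    # Instance profiles containing the role: names for removal, ARNs for the EC2 check.
    profiles=$(aws iam list-instance-profiles-for-role --role-name "$role" \
        --output text --query 'InstanceProfiles[].InstanceProfileName') || return 1
    arns=$(aws iam list-instance-profiles-for-role --role-name "$role" \
        --output text --query 'InstanceProfiles[].Arn') || return 1
    # Stop before changing anything if a running instance still uses a profile.
    # EC2 is regional: this only sees instances in the CLI's configured region.
    for arn in $arns; do
        in_use=$(aws ec2 describe-instances --output text \
            --query 'Reservations[].Instances[].InstanceId' \
            --filters "Name=iam-instance-profile.arn,Values=$arn" \
                      "Name=instance-state-name,Values=running") || return 1
        if [ -n "$in_use" ]; then
            echo "refusing: $arn is used by running instance(s): $in_use" >&2
            return 3
        fi
    done
    # Remove the role from every instance profile it is in.
    for p in $profiles; do
        aws iam remove-role-from-instance-profile \
            --instance-profile-name "$p" --role-name "$role" || return 1
    done
    # Delete the policies embedded in the role.
    policies=$(aws iam list-role-policies --role-name "$role" \
        --output text --query 'PolicyNames[]') || return 1
    for pol in $policies; do
        aws iam delete-role-policy --role-name "$role" --policy-name "$pol" || return 1
    done
    # Detach managed policies (not covered by the steps above; assumption: they may exist).
    attached=$(aws iam list-attached-role-policies --role-name "$role" \
        --output text --query 'AttachedPolicies[].PolicyArn') || return 1
    for parn in $attached; do
        aws iam detach-role-policy --role-name "$role" --policy-arn "$parn" || return 1
    done
    aws iam delete-role --role-name "$role" || return 1
    # Optionally delete the instance profiles that held the role.
    if [ "$opt" = "--delete-profiles" ]; then
        for p in $profiles; do
            aws iam delete-instance-profile --instance-profile-name "$p" || return 1
        done
    fi
}
```

Because the EC2 check covers one region, repeat it in every region where instances may run before relying on the result.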
To delete a role (API)
Remove the role from all instance profiles that the role is in by calling
You must pass the role name and instance profile name. You can list all
instance profiles that a role is in by calling
Delete all policies that are associated with the role by calling
You must pass the role name and policy name. You can list all policies for a
role by calling
Delete the role by calling
If you are not using the instance profiles that were associated with the role,
you can delete them by calling
For general information about instance profiles, see Instance Profiles.