AWS Identity and Access Management
User Guide

Deleting an IAM Group

When you delete a group in the AWS Management Console, the console automatically removes all group members, detaches all attached managed policies, and deletes all inline policies.

In contrast, when you use the AWS CLI, Tools for Windows PowerShell, or AWS API to delete a group, you must first remove the users in the group, delete any inline policies embedded in the group, and detach any managed policies attached to the group before you can delete the group.

To delete an IAM group (AWS Management Console)

  1. Sign in to the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, select Groups.

  3. In the list of groups, select the check box next to the name of the group to delete. You can use the Filter menu and the search box to filter the list of groups.

  4. Click Group Actions, then click Delete Group.

  5. In the confirmation box, click Yes, Delete.

To delete an IAM group (AWS CLI, Tools for Windows PowerShell, AWS API)

  1. Remove all users from the group.

    • CLI: aws iam get-group (to get the list of users in the group), and aws iam remove-user-from-group (to remove a user from the group)

    • Tools for Windows PowerShell:

      (Get-IAMGroup -GroupName "GroupToDelete").Users | Remove-IAMUserFromGroup -GroupName "GroupToDelete" -Force
    • AWS API: GetGroup (to get the list of users in the group), and RemoveUserFromGroup (to remove a user from the group)

  2. Delete all inline policies embedded in the group.

    • CLI: aws iam list-group-policies (to get a list of the group's inline policies), and aws iam delete-group-policy (to delete the group's inline policies)

    • Tools for Windows PowerShell:

      Get-IAMGroupPolicies -GroupName "GroupToDelete" | % { Remove-IAMGroupPolicy -GroupName "GroupToDelete" -PolicyName $_ -Force }
    • AWS API: ListGroupPolicies (to get a list of the group's inline policies), and DeleteGroupPolicy (to delete the group's inline policies)

  3. Detach all managed policies attached to the group.

    • CLI: aws iam list-attached-group-policies (to get a list of the managed policies attached to the group), and aws iam detach-group-policy (to detach a managed policy from the group)

    • Tools for Windows PowerShell:

      Get-IAMAttachedGroupPolicies -GroupName "GroupToDelete" | % { Unregister-IAMGroupPolicy -PolicyArn $_.PolicyArn -GroupName "GroupToDelete" -Force }
    • AWS API: ListAttachedGroupPolicies (to get a list of the managed policies attached to the group), and DetachGroupPolicy (to detach a managed policy from the group)

  4. Delete the group.
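
The four CLI steps above combined into one shell function, as an added example that is not part of the original guide. The function names, the DRY_RUN switch and the --query expressions are choices made for this example; step 4 uses aws iam delete-group.

```shell
# Added example: empty an IAM group in the required order, then delete it.
# Usage: delete_iam_group <group-name>
# Set DRY_RUN=1 to list what would be removed without changing anything.

iam_change() {
  # Log every mutating call so the run leaves a reviewable trail.
  echo "+ aws $*"
  [ "${DRY_RUN:-0}" = "1" ] || aws "$@"
}

delete_iam_group() {
  group="$1"
  [ -n "$group" ] || { echo "usage: delete_iam_group <group-name>" >&2; return 2; }

  # Step 1: remove all users from the group.
  users=$(aws iam get-group --group-name "$group" \
            --query 'Users[].UserName' --output text) || return 1
  for u in $users; do
    iam_change iam remove-user-from-group \
      --group-name "$group" --user-name "$u" || return 1
  done

  # Step 2: delete all inline policies embedded in the group.
  policies=$(aws iam list-group-policies --group-name "$group" \
            --query 'PolicyNames[]' --output text) || return 1
  for p in $policies; do
    iam_change iam delete-group-policy \
      --group-name "$group" --policy-name "$p" || return 1
  done

  # Step 3: detach all managed policies attached to the group.
  arns=$(aws iam list-attached-group-policies --group-name "$group" \
            --query 'AttachedPolicies[].PolicyArn' --output text) || return 1
  for a in $arns; do
    iam_change iam detach-group-policy \
      --group-name "$group" --policy-arn "$a" || return 1
  done

  # Step 4: delete the now-empty group. If any earlier step failed, the
  # function has already returned and the group is left in place.
  iam_change iam delete-group --group-name "$group"
}
```

Running it once with DRY_RUN=1 shows which users lose membership and which policies are removed before anything is changed.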