AWS Identity and Access Management
User Guide

Deleting IAM Policies

You can delete IAM policies using the AWS Management Console, the AWS Command Line Interface (AWS CLI), or the IAM API.

For more information about the difference between managed and inline policies, see Managed Policies and Inline Policies.

For general information about IAM policies, see Policies and Permissions.

For information about policy size limitations and other quotas, see Limitations on IAM Entities and Objects.

View Policy Access

Before you delete a policy, you should review its recent service-level activity. This is important because you don't want to remove access from a principal (person or application) who is using it. For more information about viewing service last accessed data, see Reducing Permissions Using Service Last Accessed Data.

Deleting IAM Policies (Console)

You can delete a customer managed policy to remove it from your AWS account. You cannot delete AWS managed policies.

To delete a customer managed policy (console)

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Policies.

  3. Select the check box next to the customer managed policy to delete. You can use the Filter menu and the search box to filter the list of policies.

  4. Choose Policy actions, and then choose Delete.

  5. Confirm that you want to delete the policy, and then choose Delete.

To delete an inline policy for a group, user, or role (console)

  1. In the navigation pane, choose Groups, Users, or Roles.

  2. Choose the name of the group, user, or role with the policy that you want to delete. Then choose the Permissions tab. If you chose Users or Roles, expand the policy.

  3. To delete an inline policy in Groups, choose Remove Policy. To delete an inline policy in Users or Roles, choose X.

Deleting IAM Policies (AWS CLI)

You can delete a customer managed policy from the AWS Command Line Interface.

To delete a customer managed policy (AWS CLI)

  1. (Optional) To view information about a policy, run the following commands:

  2. (Optional) To find out about the relationships between the policies and identities, run the following commands:

  3. To delete a customer managed policy, run the following command:
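The managed-policy steps above combined into one guarded script, added here as an example and not taken from the AWS guide. It refuses to delete while the policy is still attached to any identity, then removes non-default versions, which `delete-policy` requires, before deleting. The function names and exit codes are this example's own; it assumes the AWS CLI is installed and configured with credentials.

```bash
#!/usr/bin/env bash
# Added example (not from the AWS guide). Function names and exit codes are
# hypothetical; the aws iam subcommands and options are real AWS CLI ones.
# Usage: source this file, then run: delete_managed_policy <policy-arn>

# Print "<Kind> <name>" for every user, group and role the policy is attached to.
policy_attachments() {
  local arn="$1" kind names n
  for kind in User Group Role; do
    names=$(aws iam list-entities-for-policy --policy-arn "$arn" \
      --query "Policy${kind}s[].${kind}Name" --output text) || return 1
    for n in $names; do
      echo "$kind $n"
    done
  done
}

# Delete a customer managed policy only when nothing depends on it.
# Returns 2 for an AWS managed policy, 3 if still attached, 1 on CLI failure.
delete_managed_policy() {
  local arn="$1" attached versions v
  case "$arn" in
    arn:*:iam::aws:policy/*)
      echo "refusing: $arn is an AWS managed policy" >&2
      return 2 ;;
  esac
  # Fail closed: if the attachment lookup fails, do not proceed to deletion.
  attached=$(policy_attachments "$arn") || return 1
  if [ -n "$attached" ]; then
    echo "refusing: policy is still attached to:" >&2
    echo "$attached" >&2
    return 3
  fi
  # delete-policy fails while non-default versions exist, so remove them first.
  versions=$(aws iam list-policy-versions --policy-arn "$arn" \
    --query 'Versions[?IsDefaultVersion==`false`].VersionId' --output text) || return 1
  for v in $versions; do
    aws iam delete-policy-version --policy-arn "$arn" --version-id "$v" || return 1
  done
  aws iam delete-policy --policy-arn "$arn"
}
```

Exit code 3 lists the remaining attachments on stderr, so they can be reviewed and detached deliberately before the function is run again.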

To delete an inline policy (AWS CLI)

  1. (Optional) To list all inline policies that are attached to an identity (user, group, or role), use one of the following commands:

  2. (Optional) To retrieve an inline policy document that is embedded in an identity (user, group, or role), use one of the following commands:

  3. To delete an inline policy from an identity (user, group, or role that is not a service-linked role), use one of the following commands:

Deleting IAM Policies (AWS API)

You can delete a customer managed policy using the AWS API.

To delete a customer managed policy (AWS API)

  1. (Optional) To view information about a policy, call the following operations:

    • To list managed policies: ListPolicies

    • To retrieve detailed information about a managed policy: GetPolicy

  2. (Optional) To find out about the relationships between the policies and identities, call the following operations:

  3. To delete a customer managed policy, call the following operation:

To delete an inline policy (AWS API)

  1. (Optional) To list all inline policies that are attached to an identity (user, group, or role), call one of the following operations:

  2. (Optional) To retrieve an inline policy document that is embedded in an identity (user, group, or role), call one of the following operations:

  3. To delete an inline policy from an identity (user, group, or role that is not a service-linked role), call one of the following operations: