Use DeletePolicyVersion with an AWS SDK or CLI - AWS Identity and Access Management

Use DeletePolicyVersion with an AWS SDK or CLI

The following code examples show how to use DeletePolicyVersion.

Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code examples:

CLI
AWS CLI

To delete a version of a managed policy

This example deletes the version identified as v2 from the policy whose ARN is arn:aws:iam::123456789012:policy/MySamplePolicy.

aws iam delete-policy-version \
    --policy-arn arn:aws:iam::123456789012:policy/MyPolicy \
    --version-id v2

This command produces no output.

For more information, see Policies and permissions in IAM in the AWS IAM User Guide.

PowerShell
Tools for PowerShell V4

Example 1: This example deletes the version identified as v2 from the policy whose ARN is arn:aws:iam::123456789012:policy/MySamplePolicy.

Remove-IAMPolicyVersion -PolicyArn arn:aws:iam::123456789012:policy/MySamplePolicy -VersionID v2

Example 2: This example deletes a policy by first deleting all non-default policy versions and then deleting the policy itself. The first line retrieves the policy object. The second line retrieves all of the policy versions that are not flagged as the default into a collection and then uses this command to delete each policy in the collection. The last line removes the policy itself as well as the remaining default version. Note that to successfully delete a managed policy, you must also detach the policy from any users, groups, or roles by using the Unregister-IAMUserPolicy, Unregister-IAMGroupPolicy, and Unregister-IAMRolePolicy commands. See the example for the Remove-IAMPolicy cmdlet. 

$pol = Get-IAMPolicy -PolicyArn arn:aws:iam::123456789012:policy/MySamplePolicy
Get-IAMPolicyVersions -PolicyArn $pol.Arn | where {-not $_.IsDefaultVersion} | Remove-IAMPolicyVersion -PolicyArn $pol.Arn -force
Remove-IAMPolicy -PolicyArn $pol.Arn -force
Tools for PowerShell V5

Example 1: This example deletes the version identified as v2 from the policy whose ARN is arn:aws:iam::123456789012:policy/MySamplePolicy.

Remove-IAMPolicyVersion -PolicyArn arn:aws:iam::123456789012:policy/MySamplePolicy -VersionID v2

Example 2: This example deletes a policy by first deleting all non-default policy versions and then deleting the policy itself. The first line retrieves the policy object. The second line retrieves all of the policy versions that are not flagged as the default into a collection and then uses this command to delete each policy in the collection. The last line removes the policy itself as well as the remaining default version. Note that to successfully delete a managed policy, you must also detach the policy from any users, groups, or roles by using the Unregister-IAMUserPolicy, Unregister-IAMGroupPolicy, and Unregister-IAMRolePolicy commands. See the example for the Remove-IAMPolicy cmdlet. 

$pol = Get-IAMPolicy -PolicyArn arn:aws:iam::123456789012:policy/MySamplePolicy
Get-IAMPolicyVersions -PolicyArn $pol.Arn | where {-not $_.IsDefaultVersion} | Remove-IAMPolicyVersion -PolicyArn $pol.Arn -force
Remove-IAMPolicy -PolicyArn $pol.Arn -force
SAP ABAP
SDK for SAP ABAP
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository. 

    TRY.
        lo_iam->deletepolicyversion(
          iv_policyarn = iv_policy_arn
          iv_versionid = iv_version_id ).
        MESSAGE 'Policy version deleted successfully.' TYPE 'I'.
      CATCH /aws1/cx_iamnosuchentityex.
        MESSAGE 'Policy or version does not exist.' TYPE 'E'.
      CATCH /aws1/cx_iamdeleteconflictex.
        MESSAGE 'Cannot delete default policy version.' TYPE 'E'.
      CATCH /aws1/cx_iamlimitexceededex.
        MESSAGE 'Limit exceeded.' TYPE 'E'.
    ENDTRY.

For a complete list of AWS SDK developer guides and code examples, see Using this service with an AWS SDK. This topic also includes information about getting started and details about previous SDK versions.