Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Use DetachUserPolicy with an AWS SDK or CLI

Focus mode
Use DetachUserPolicy with an AWS SDK or CLI - AWS Identity and Access Management

The following code examples show how to use DetachUserPolicy.

Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:

CLI
AWS CLI

To detach a policy from a user

This example removes the managed policy with the ARN arn:aws:iam::123456789012:policy/TesterPolicy from the user Bob.

aws iam detach-user-policy \ --user-name Bob \ --policy-arn arn:aws:iam::123456789012:policy/TesterPolicy

This command produces no output.

For more information, see Changing permissions for an IAM user in the AWS IAM User Guide.

PowerShell
Tools for PowerShell

Example 1: This example detaches the managed policy whose ARN is arn:aws:iam::123456789012:policy/TesterPolicy from the IAM user named Bob.

Unregister-IAMUserPolicy -UserName Bob -PolicyArn arn:aws:iam::123456789012:policy/TesterPolicy

Example 2: This example finds all the managed policies that are attached to the IAM user named Theresa and detaches those policies from the user.

Get-IAMAttachedUserPolicyList -UserName Theresa | Unregister-IAMUserPolicy -Username Theresa
  • For API details, see DetachUserPolicy in AWS Tools for PowerShell Cmdlet Reference.

Python
SDK for Python (Boto3)
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

def detach_policy(user_name, policy_arn): """ Detaches a policy from a user. :param user_name: The name of the user. :param policy_arn: The Amazon Resource Name (ARN) of the policy. """ try: iam.User(user_name).detach_policy(PolicyArn=policy_arn) logger.info("Detached policy %s from user %s.", policy_arn, user_name) except ClientError: logger.exception( "Couldn't detach policy %s from user %s.", policy_arn, user_name ) raise
  • For API details, see DetachUserPolicy in AWS SDK for Python (Boto3) API Reference.

Ruby
SDK for Ruby
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

# Detaches a policy from a user # # @param user_name [String] The name of the user # @param policy_arn [String] The ARN of the policy to detach # @return [Boolean] true if the policy was successfully detached, false otherwise def detach_user_policy(user_name, policy_arn) @iam_client.detach_user_policy( user_name: user_name, policy_arn: policy_arn ) @logger.info("Policy '#{policy_arn}' detached from user '#{user_name}' successfully.") true rescue Aws::IAM::Errors::NoSuchEntity @logger.error('Error detaching policy: Policy or user does not exist.') false rescue Aws::IAM::Errors::ServiceError => e @logger.error("Error detaching policy from user '#{user_name}': #{e.message}") false end
Rust
SDK for Rust
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

pub async fn detach_user_policy( client: &iamClient, user_name: &str, policy_arn: &str, ) -> Result<(), iamError> { client .detach_user_policy() .user_name(user_name) .policy_arn(policy_arn) .send() .await?; Ok(()) }
AWS CLI

To detach a policy from a user

This example removes the managed policy with the ARN arn:aws:iam::123456789012:policy/TesterPolicy from the user Bob.

aws iam detach-user-policy \ --user-name Bob \ --policy-arn arn:aws:iam::123456789012:policy/TesterPolicy

This command produces no output.

For more information, see Changing permissions for an IAM user in the AWS IAM User Guide.

For a complete list of AWS SDK developer guides and code examples, see Using this service with an AWS SDK. This topic also includes information about getting started and details about previous SDK versions.

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.