AWS Identity and Access Management
User Guide

Deleting an IAM Group

When you delete a group in the AWS Management Console, the console automatically removes all group members, detaches all attached managed policies, and deletes all inline policies. However, because IAM does not automatically delete policies that refer to the group as a resource, you must be careful when you delete a group. Before you delete your group, you must manually check all of your policies to find any policies where that group is mentioned by name. For example, let's say John is the manager of the testing part of the organization. John has a policy attached to his IAM user entity that lets him add and remove users from the Test group. If an administrator deletes the group, the administrator must also delete the policy attached to John.

To find policies that refer to a group as a resource

  1. From the navigation pane of the IAM console, choose Policies.

  2. From the Policy type drop-down list, choose Customer managed to filter the policies to show only your custom policies.

  3. Choose the arrow next to each policy name to expand the policy summary.

  4. Choose IAM from the list of services, if it exists.

  5. Look for the name of your group in the Resource column.

  6. Choose Delete policy to delete the policy.
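The same check can be run offline over policy documents that have already been exported as JSON. The following is an added example, not part of the original guide; the function names, the sample policies, and the account ID are constructed for illustration.

```python
import re

ACCOUNT_ID = "123456789012"  # constructed sample account ID

# Constructed sample policy documents (not from a real account).
SAMPLE_POLICIES = {
    "JohnManageTestGroup": {"Version": "2012-10-17", "Statement": {
        "Sid": "ManageTestMembers", "Effect": "Allow",
        "Action": ["iam:AddUserToGroup", "iam:RemoveUserFromGroup"],
        "Resource": "arn:aws:iam::123456789012:group/Test"}},
    "ReadAllGroups": {"Version": "2012-10-17", "Statement": [{
        "Sid": "ReadGroups", "Effect": "Allow", "Action": "iam:GetGroup",
        "Resource": ["arn:aws:iam::123456789012:group/*"]}]},
    "S3Only": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*"}]},
}


def as_list(value):
    """Policy elements may be a single value or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def matches_arn(pattern, arn):
    """Apply IAM's * and ? wildcards in a Resource pattern to a concrete ARN."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, arn) is not None


def find_group_references(policies, group_name, account_id=ACCOUNT_ID, path="/"):
    """Return (policy, Sid, resource pattern, kind) for statements covering the group."""
    group_arn = f"arn:aws:iam::{account_id}:group{path}{group_name}"
    hits = []
    for name, doc in policies.items():
        for stmt in as_list(doc.get("Statement")):
            for res in as_list(stmt.get("Resource")):
                # Only group ARN patterns count; a bare "*" names no group.
                if ":group/" in res and matches_arn(res, group_arn):
                    kind = "by-name" if group_name in res else "wildcard"
                    hits.append((name, stmt.get("Sid"), res, kind))
    return hits


if __name__ == "__main__":
    for hit in find_group_references(SAMPLE_POLICIES, "Test"):
        print(hit)
```

A `by-name` hit is a policy that mentions the group explicitly; a `wildcard` hit covers the group through a pattern that also applies to other groups.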

In contrast, when you use the AWS CLI, Tools for Windows PowerShell, or AWS API to delete a group, you must first remove the users in the group. Then delete any inline policies embedded in the group. Next, detach any managed policies that are attached to the group. Only then can you delete the group itself.

Deleting an IAM Group (Console)

You can delete an IAM group from the AWS Management Console.

To delete an IAM group (console)

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Groups.

  3. In the list of groups, select the check box next to the name of the group to delete. You can use the Filter menu and the search box to filter the list of groups.

  4. Click Group Actions, then click Delete Group.

  5. In the confirmation box, click Yes, Delete.

Deleting an IAM Group (AWS CLI)

You can delete an IAM group from the AWS CLI.

To delete an IAM group (AWS CLI)

  1. Remove all users from the group.

  2. Delete all inline policies embedded in the group.

  3. Detach all managed policies attached to the group.

  4. Delete the group.

Deleting an IAM Group (AWS API)

You can use the AWS API to delete an IAM group.

To delete an IAM group (AWS API)

  1. Remove all users from the group.

  2. Delete all inline policies embedded in the group.

  3. Detach all managed policies attached to the group.

  4. Delete the group.