DetachUserPolicy.go


// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: MIT-0
package main

import (
    "flag"
    "fmt"

    "github.com/aws/aws-sdk-go/aws/session"
    "github.com/aws/aws-sdk-go/service/iam"
    "github.com/aws/aws-sdk-go/service/iam/iamiface"
)

// DetachDynamoFullPolicy detaches an Amazon DynamoDB full-access policy from an IAM role
// Inputs:
//     svc is the current session, which provides configuration for the SDK's service clients
//     roleName is the name of the IAM role
// Output:
//     If success, nil
//     Otherwise, an error from the call to DetachRolePolicy
func DetachDynamoFullPolicy(svc iamiface.IAMAPI, roleName *string) error {
    policyArn := "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess"

    _, err := svc.DetachRolePolicy(&iam.DetachRolePolicyInput{
        PolicyArn: &policyArn,
        RoleName:  roleName,
    })
    return err
}

func main() {
    roleName := flag.String("r", "", "The name of the IAM role")
    flag.Parse()

    if *roleName == "" {
        fmt.Println("You must supply a role name (-r ROLE)")
        return
    }

    sess := session.Must(session.NewSessionWithOptions(session.Options{
        SharedConfigState: session.SharedConfigEnable,
    }))

    svc := iam.New(sess)

    err := DetachDynamoFullPolicy(svc, roleName)
    if err != nil {
        fmt.Println("Unable to detach DynamoDB full-access role policy to role")
        return
    }
    fmt.Println("Role detached successfully")
}

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

DetachUserPolicy

DetachUserPolicy_test.go