Delete IAM policies (AWS API)

You can use the AWS API to delete customer managed policies and inline policies in IAM. The number and size of IAM resources in an AWS account are limited. For more information, see IAM and AWS STS quotas.

Note

Deletion of IAM policies is permanent. After the policy is deleted it cannot be recovered.

For more information about IAM policy structure and syntax, see Policies and permissions in AWS Identity and Access Management and the IAM JSON policy element reference.

For more information about the difference between managed and inline policies, see Managed policies and inline policies.

Prerequisites

Before you delete a policy, you should review its recent service-level activity. This is important because you don't want to remove access from a principal (person or application) who is using it. For more information about viewing last accessed information, see Refine permissions in AWS using last accessed information.

Deleting customer managed policies (AWS API)

You can delete a customer managed policy using the AWS API.

To delete a customer managed policy (AWS API)

1. (Optional) To view information about a policy, call the following operations:

   • To list managed policies: ListPolicies

   • To retrieve detailed information about a managed policy: GetPolicy

2. (Optional) To find out about the relationships between the policies and identities, call the following operations:

   • To list the identities (users, user groups, and roles) to which a managed policy is attached, call the following operation:

     • ListEntitiesForPolicy

   • To list the managed policies attached to an identity (a user, user group, or role), call one of the following operations:

     • ListAttachedUserPolicies

     • ListAttachedGroupPolicies

     • ListAttachedRolePolicies

3. To delete a customer managed policy, call the following operation:

   • DeletePolicy

Deleting inline policies (AWS API)

You can delete an inline policy using the AWS API.

To delete an inline policy (AWS API)

1. (Optional) To list all inline policies that are attached to an identity (user, user group, role), call one of the following operations:

   • ListUserPolicies

   • ListGroupPolicies

   • ListRolePolicies

2. (Optional) To retrieve an inline policy document that is embedded in an identity (user, user group, or role), call one of the following operations:

   • GetUserPolicy

   • GetGroupPolicy

   • GetRolePolicy

3. To delete an inline policy from an identity (user, user group, or role that is not a service-linked role), call one of the following operations:

   • DeleteUserPolicy

   • DeleteGroupPolicy

   • DeleteRolePolicy