Deleting IAM users - AWS SDK for .NET


Deleting IAM users

This example shows you how to use the AWS SDK for .NET to delete an IAM user. It first removes resources such as access keys and attached policies, and then deletes the user.

The following sections provide snippets of this example. The complete code for the example is shown after that, and can be built and run as is.

Remove items from the user

The following snippets show examples of items that must be removed from a user before the user can be deleted, such as managed policies and access keys.

The example at the end of this topic shows this snippet in use.

```csharp
//
// Method to detach managed policies from a user
private static async Task DetachPolicies(
  IAmazonIdentityManagementService iamClient, string userName)
{
  ListAttachedUserPoliciesResponse responseManagedPolicies =
    await iamClient.ListAttachedUserPoliciesAsync(
      new ListAttachedUserPoliciesRequest{UserName = userName});
  foreach(AttachedPolicyType policy in responseManagedPolicies.AttachedPolicies)
  {
    Console.WriteLine($"\tDetaching policy {policy.PolicyName}");
    await iamClient.DetachUserPolicyAsync(new DetachUserPolicyRequest{
      PolicyArn = policy.PolicyArn,
      UserName = userName});
  }
}

//
// Method to delete access keys from a user
private static async Task DeleteAccessKeys(
  IAmazonIdentityManagementService iamClient, string userName)
{
  ListAccessKeysResponse responseAccessKeys =
    await iamClient.ListAccessKeysAsync(
      new ListAccessKeysRequest{UserName = userName});
  foreach(AccessKeyMetadata accessKey in responseAccessKeys.AccessKeyMetadata)
  {
    Console.WriteLine($"\tDeleting Access key {accessKey.AccessKeyId}");
    await iamClient.DeleteAccessKeyAsync(new DeleteAccessKeyRequest{
      UserName = userName,
      AccessKeyId = accessKey.AccessKeyId});
  }
}
```

Delete the user

The following snippet calls methods to remove items from a user and then deletes the user.

The example at the end of this topic shows this snippet in use.

```csharp
//
// Method to delete a user
private static async Task DeleteUser(
  IAmazonIdentityManagementService iamClient, string userName)
{
  Console.WriteLine($"\nDeleting user {userName}...");
  //
  // Remove items from the user
  //
  // Detach any managed policies
  await DetachPolicies(iamClient, userName);

  // Delete any access keys
  await DeleteAccessKeys(iamClient, userName);

  // DeleteLoginProfileAsync(), DeleteUserPolicyAsync(), etc.
  // See the description of DeleteUserAsync for a full list.

  //
  // Delete the user
  //
  await iamClient.DeleteUserAsync(new DeleteUserRequest(userName));
  Console.WriteLine("Done");
}
```

Complete code

This section shows relevant references and the complete code for this example.

```csharp
using System;
using System.Threading.Tasks;
using Amazon.IdentityManagement;
using Amazon.IdentityManagement.Model;

namespace IamDeleteUser
{
  class Program
  {
    static async Task Main(string[] args)
    {
      if(args.Length != 1)
      {
        Console.WriteLine("\nUsage: IamDeleteUser user-name");
        Console.WriteLine("   user-name - The name of the user you want to delete.");
        return;
      }

      // Create an IAM service client
      var iamClient = new AmazonIdentityManagementServiceClient();

      // Delete the given user
      await DeleteUser(iamClient, args[0]);

      // Could display a list of the users that are left.
    }

    //
    // Method to delete a user
    private static async Task DeleteUser(
      IAmazonIdentityManagementService iamClient, string userName)
    {
      Console.WriteLine($"\nDeleting user {userName}...");
      //
      // Remove items from the user
      //
      // Detach any managed policies
      await DetachPolicies(iamClient, userName);

      // Delete any access keys
      await DeleteAccessKeys(iamClient, userName);

      // DeleteLoginProfileAsync(), DeleteUserPolicyAsync(), etc.
      // See the description of DeleteUserAsync for a full list.

      //
      // Delete the user
      //
      await iamClient.DeleteUserAsync(new DeleteUserRequest(userName));
      Console.WriteLine("Done");
    }

    //
    // Method to detach managed policies from a user
    private static async Task DetachPolicies(
      IAmazonIdentityManagementService iamClient, string userName)
    {
      ListAttachedUserPoliciesResponse responseManagedPolicies =
        await iamClient.ListAttachedUserPoliciesAsync(
          new ListAttachedUserPoliciesRequest{UserName = userName});
      foreach(AttachedPolicyType policy in responseManagedPolicies.AttachedPolicies)
      {
        Console.WriteLine($"\tDetaching policy {policy.PolicyName}");
        await iamClient.DetachUserPolicyAsync(new DetachUserPolicyRequest{
          PolicyArn = policy.PolicyArn,
          UserName = userName});
      }
    }

    //
    // Method to delete access keys from a user
    private static async Task DeleteAccessKeys(
      IAmazonIdentityManagementService iamClient, string userName)
    {
      ListAccessKeysResponse responseAccessKeys =
        await iamClient.ListAccessKeysAsync(
          new ListAccessKeysRequest{UserName = userName});
      foreach(AccessKeyMetadata accessKey in responseAccessKeys.AccessKeyMetadata)
      {
        Console.WriteLine($"\tDeleting Access key {accessKey.AccessKeyId}");
        await iamClient.DeleteAccessKeyAsync(new DeleteAccessKeyRequest{
          UserName = userName,
          AccessKeyId = accessKey.AccessKeyId});
      }
    }
  }
}
```

Additional considerations

  • For information about the resources that must be removed from the user, see the description of the DeleteUserAsync method, but be sure to use the Async versions of the referenced methods.

  • You can also see the list of users and the results of this example in the IAM console.