Delete permission sets in IAM Identity Center
If you want to revoke an active permission set session, see Revoke active IAM role sessions created by permission sets.
Before you can delete a permission set from IAM Identity Center, you must remove it from all AWS accounts that use the permission set. To check existing user and group access, see View user and group assignments.
To remove a permission set from an AWS account
-
Open the IAM Identity Center console
. -
Under Multi-account permissions, choose AWS accounts.
-
On the AWS accounts page, a tree view list of your organization appears. Select the name of the AWS account from which you want to remove the permission set.
-
On the Overview page for the AWS account, choose the Permission sets tab.
-
Select the check box next to the permission set that you want to remove, and then choose Remove.
-
In the Remove permission set dialog box, confirm that the correct permission set is selected, type
Delete
to confirm removal, and then choose Remove access.
Use the following procedure to delete one or more permission sets so that they can no longer be used by any AWS account in the organization.
Note
All users and groups that have been assigned this permission set, regardless of what AWS account is using it, will no longer be able to sign in. To check existing user and group access, see View user and group assignments.
To delete a permission set from an AWS account
-
Open the IAM Identity Center console
. -
Under Multi-account permissions, choose Permission sets.
-
Select the permission set that you want to delete, and then choose Delete.
-
In the Delete permission set dialog box, type the name of the permission set to confirm deletion, and then choose Delete. The name is case-sensitive.