Delete IAM user

To list users, run the following.

[andy@home-pc ~]$ aws iam list-users
{
    "Users": [
        {
            "Path": "/",
            "UserName": "andy",
            "UserId": "ALQAI25NJH6TW9CCP6HAU",
            "Arn": "arn:aws:iam::902857267385:user/andy",
            "CreateDate": "2018-03-06T11:33:20Z"
        },
        {
            "Path": "/",
            "UserName": "gitlab",
            "UserId": "ALDBJ1MZD8V1MPUNI1AYA",
            "Arn": "arn:aws:iam::902857267385:user/gitlab",
            "CreateDate": "2018-05-19T03:15:33Z"
        }
    ]
}

Before you can delete a user, you first need to delete any resources attached to them, such as access keys, signing certificates, login profile, MFA devices, etc.

Pre-checks

Access Keys

List access keys.

[andy@home-pc ~]$ aws iam list-access-keys --user-name andy
{
    "AccessKeyMetadata": [
        {
            "UserName": "andy",
            "AccessKeyId": "AKPIY2IQJDVP0J1RSNBQ",
            "Status": "Active",
            "CreateDate": "2018-03-06T11:35:03Z"
        },
        {
            "UserName": "andy",
            "AccessKeyId": "AKPIYCTBDGQJJOUS87CA",
            "Status": "Active",
            "CreateDate": "2018-03-06T11:33:21Z"
        }
    ]
}

Delete access keys.

[andy@home-pc ~]$ aws iam delete-access-key --access-key-id AKPIYCTBDGQJJOUS87CA --user-name andy
[andy@home-pc ~]$ aws iam delete-access-key --access-key-id AKPIY2IQJDVP0J1RSNBQ --user-name andy

Signing Certificates

List signing certificates.

[andy@home-pc ~]$ aws iam list-signing-certificates --user-name andy
{
    "Certificates": []
}

If you had any, you would delete each one with:

[andy@home-pc ~]$ aws iam delete-signing-certificate --user-name andy --certificate-id TA7SMP42TDN5Z26OBPJE7

Login Profile

Show login profile.

[andy@home-pc ~]$ aws iam get-login-profile --user-name andy
{
    "LoginProfile": {
        "UserName": "andy",
        "CreateDate": "2018-03-06T11:33:21Z",
        "PasswordResetRequired": false
    }
}

Delete login profile.

[andy@home-pc ~]$ aws iam delete-login-profile --user-name andy

Attached Policies

List attached user policies (this example uses the gitlab user).

[andy@home-pc ~]$ aws iam list-attached-user-policies --user-name gitlab
{
    "AttachedPolicies": [
        {
            "PolicyName": "gitlab-s3-backup",
            "PolicyArn": "arn:aws:iam::902857267385:policy/gitlab-s3-backup"
        }
    ]
}

Detach user policy.

[andy@home-pc ~]$ aws iam detach-user-policy --user-name gitlab --policy-arn arn:aws:iam::902857267385:policy/gitlab-s3-backup

Groups

List groups user belongs to.

[andy@home-pc ~]$ aws iam list-groups-for-user --user-name andy
{
    "Groups": []
}

If there were any, you would remove the user from each group with:

[andy@home-pc ~]$ aws iam remove-user-from-group --user-name andy --group-name Admins

Delete User

Now to delete the user, you should be able to simply run:

[andy@home-pc ~]$ aws iam delete-user --user-name andy

Check it's been removed:

[andy@home-pc ~]$ aws iam list-users
{
    "Users": [
        {
            "Path": "/",
            "UserName": "gitlab",
            "UserId": "ALDBJ1MZD8V1MPUNI1AYA",
            "Arn": "arn:aws:iam::902857267385:user/gitlab",
            "CreateDate": "2018-05-19T03:15:33Z"
        }
    ]
}

Delete the remaining user, gitlab, the same way:

[andy@home-pc ~]$ aws iam delete-user --user-name gitlab

List users again.

[andy@home-pc ~]$ aws iam list-users
{
    "Users": []
}
