User policy that allows Deleting iam users

0

As mentioned in the AWS documentation, I created policy to allow delete IAM users' operation. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_delegate-permissions_examples.html

"Deleting the user. This task requires permissions to perform all of the following actions: DeleteSigningCertificate, DeleteLoginProfile, RemoveUserFromGroup, and DeleteUser"

{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "iam:RemoveUserFromGroup", "iam:DeleteSigningCertificate", "iam:GetUserPolicy", "iam:ListUsers", "iam:DeleteUser" ], "Resource": "*" } ] } But it doesn't allow to delete users.

  • please accept the answer if it was helpful

asked 4 months ago268 views
2 Answers
3

try this one

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:RemoveUserFromGroup",
                "iam:DeleteSigningCertificate",
                "iam:DeleteUserPolicy",
                "iam:ListUserPolicies",
                "iam:ListGroupsForUser",
                "iam:DeleteAccessKey",
                "iam:DeleteSSHPublicKey",
                "iam:DeleteServiceSpecificCredential",
                "iam:DeleteLoginProfile",
                "iam:GetUser",
                "iam:ListAttachedUserPolicies",
                "iam:ListUserTags",
                "iam:DetachUserPolicy",
                "iam:DeleteUser",
                "iam:ListUsers",
                "iam:DeleteVirtualMFADevice"
            ],
            "Resource": "*"
        }
    ]
}

profile picture
EXPERT
answered 4 months ago
profile picture
EXPERT
reviewed 4 months ago
profile picture
EXPERT
reviewed 4 months ago
0

The above policy should work.

To ensure comprehensive user deletion, it's imperative to account for all associated resources and credentials. This includes Attached Managed Policies, Inline Policies, Access Keys, Group Associations, Tags, Signing Certificates, and CodeCommit SSH Credentials. Please refer to the updated policy guidelines as detailed in the AWS documentation here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_delegate-permissions_examples.html#creds-policies-users

AWS
answered 4 months ago
profile picture
EXPERT
reviewed 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions