Delete an IAM group

When you delete an IAM group in the console, the console automatically removes all group members, detaches all attached managed policies, and deletes all inline policies. However, because IAM doesn't automatically delete policies that refer to the IAM group as a resource, you must be careful when you delete an IAM group. Before you delete your IAM group, manually review your policies to find any policies that mention the group by name. For example, John, the Test Team manager, has a policy attached to his IAM user entity that lets him add and remove users from the Test user group. If an administrator deletes the group, the administrator must also delete the policy attached to John. Otherwise, if the administrator recreates the deleted group and give it the same name, John's permissions remain in place, even if he left the Test Team.

In contrast, when you use the CLI, SDK, or API to delete a user group, you remove the users in the group first. Then you delete any inline policies embedded in the IAM group. Next, you detach any managed policies that are attached to the group. Then you delete the IAM group itself.

IAM console

Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
In the navigation pane, choose User groups.
In the list of IAM groups, select the check box next to the names of the IAM groups to delete. You can use the search box to filter the list of IAM groups by type, permissions, and group name.
Choose Delete.
In the confirmation box, if you want to delete a single group, type the group name and choose Delete. If you want to delete multiple groups, type the number of IAM group to delete followed by user groups and choose Delete. For example, if you want to delete three groups, type 3 user groups.

AWS CLI

Remove all users from the IAM group.
- aws iam get-group (to get the list of users in the IAM group), and aws iam remove-user-from-group (to remove a user from the IAM group)
Delete all inline policies embedded in the IAM group.
- aws iam list-group-policies (to get a list of the IAM group's inline policies), and aws iam delete-group-policy (to delete the IAM group's inline policies)
Detach all managed policies attached to the IAM group.
- aws iam list-attached-group-policies (to get a list of the managed policies attached to the IAM group), and aws iam detach-group-policy (to detach a managed policy from the IAM group)
Delete the IAM group.
- aws iam delete-group

API

Remove all users from the IAM group.
- GetGroup (to get the list of users in the IAM group) and RemoveUserFromGroup (to remove a user from the IAM group)
Delete all inline policies embedded in the IAM group.
- ListGroupPolicies (to get a list of the IAM group's inline policies) and DeleteGroupPolicy (to delete the IAM group's inline policies)
Detach all managed policies attached to the IAM group.
- ListAttachedGroupPolicies (to get a list of the managed policies attached to the IAM group) and DetachGroupPolicy (to detach a managed policy from the IAM group)
Delete the IAM group.
- DeleteGroup

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Rename a user group

Roles