Unused IAM Roles are a security menace and must be periodically reviewed and purged from AWS account. The principle of least access and least privilege must be followed at all times. It is a security best practice to create and have only the roles (with strictly mapped privileges) that are required for the function of the AWS account.
IAM roles should not exist if they are not going to be used. This ensures that the attack surface for the AWS account is reduced. Based on the privileges of the role, an attacker may misuse it to perform privilege escalation via a compute instance and may even compromise the entire AWS account.
In this article we will take a look at how to delete an IAM Role in AWS.
Delete an IAM Role in AWS
Following are the steps to delete an IAM Role in AWS:
Login to AWS Management Console and navigate to IAM service
Under Access management on IAM dashboard, go to Roles
In the Roles list we can see all the roles and also the Last Activity and know if the role is being actively used or not. Select the role to be removed from the Roles list
Click on Delete button
A pop-up for confirming the Delete action will appear. Provide role name to be removed
Click on Delete button in the pop-up
The selected role will be removed from the IAM Roles list