How to delete an IAM Role in AWS

Pragti Chauhan
Feature image


Unused IAM Roles are a security menace and must be periodically reviewed and purged from AWS account. The principle of least access and least privilege must be followed at all times. It is a security best practice to create and have only the roles (with strictly mapped privileges) that are required for the function of the AWS account.

IAM roles should not exist if they are not going to be used. This ensures that the attack surface for the AWS account is reduced. Based on the privileges of the role, an attacker may misuse it to perform privilege escalation via a compute instance and may even compromise the entire AWS account.

In this article we will take a look at how to delete an IAM Role in AWS.

Delete an IAM Role in AWS

Following are the steps to delete an IAM Role in AWS:

  1. Login to AWS Management Console and navigate to IAM service

    IAM Service

  2. Under Access management on IAM dashboard, go to Roles

    IAM Roles

  3. In the Roles list we can see all the roles and also the Last Activity and know if the role is being actively used or not. Select the role to be removed from the Roles list

    Select Role

  4. Click on Delete button

    Delete Role

  5. A pop-up for confirming the Delete action will appear. Provide role name to be removed

    Provide Role Name

  6. Click on Delete button in the pop-up

    Confirm Role Deletion

  7. The selected role will be removed from the IAM Roles list

    IAM Role Deleted

← Back to Academy