IAM Users that have not been used for a long period of time, or have never been used since creation, are a security menace and must be periodically reviewed and removed from the AWS account. The principle of least access and least privilege must be followed at all times.
Having users that have not been used for a long time creates an attack surface that could be abused by attackers. It is a security best practice to create and keep only the users (with strictly mapped privileges) that are required for the function of the AWS account.
In this article we will take a look at how to remove an IAM User in AWS.
Following are the steps to remove an IAM User in AWS:
Log in to the AWS Management Console and navigate to the IAM service
Under Access management on the IAM dashboard, go to Users
In the Users list we can see all the users along with their Last Activity, which tells us whether each user is being actively used. Select the user to be removed from the Users list
Click the Delete button
A pop-up asking to confirm the Delete action will appear. Enter the user name of the user to be removed
Click the Delete button in the pop-up
The selected user will be removed from the IAM Users list
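The Last Activity check from the steps above, done for a whole account at once, as an added example that is not part of the original article: this Python script parses an IAM credential report and flags users that have been idle longer than a threshold or have never been used since creation. The sample report is constructed and carries only the columns the script reads; a real report (fetched with `aws iam generate-credential-report` followed by `aws iam get-credential-report --query Content --output text | base64 -d`) has more columns but the same names, so the parser works on it unchanged.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample with a subset of the real credential report's columns
# (real reports carry more columns, but these column names are AWS's own).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_last_used,access_key_1_last_used_date,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,2024-05-01T10:00:00+00:00,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,2022-03-01T00:00:00+00:00,2024-05-20T08:00:00+00:00,2024-05-21T09:00:00+00:00,N/A
bob,arn:aws:iam::111122223333:user/bob,2021-06-01T00:00:00+00:00,2023-02-10T12:00:00+00:00,2023-01-15T12:00:00+00:00,N/A
carol,arn:aws:iam::111122223333:user/carol,2023-12-01T00:00:00+00:00,no_information,N/A,N/A
dave,arn:aws:iam::111122223333:user/dave,2024-05-25T00:00:00+00:00,no_information,N/A,N/A
"""
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "today"

# Columns that record actual use: console password login and both access keys.
ACTIVITY_COLUMNS = ("password_last_used",
                    "access_key_1_last_used_date",
                    "access_key_2_last_used_date")


def parse_ts(value):
    """ISO-8601 timestamp -> aware datetime; N/A, no_information, not_supported -> None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def find_stale_users(report_csv, now, max_idle_days):
    """Map each stale IAM user to its last activity (None means never used).

    A user is stale when its most recent console login or access-key use is
    older than max_idle_days, or when it has never been used and was created
    more than max_idle_days ago (newly created, not-yet-used users get a
    grace period). The root account is not an IAM user and is skipped.
    """
    limit = timedelta(days=max_idle_days)
    stale = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue
        seen = [t for t in (parse_ts(row[c]) for c in ACTIVITY_COLUMNS) if t]
        last = max(seen) if seen else None
        reference = last or parse_ts(row["user_creation_time"])
        if now - reference > limit:
            stale[row["user"]] = last
    return stale


if __name__ == "__main__":
    for user, last in find_stale_users(SAMPLE_REPORT, SAMPLE_NOW, 90).items():
        print(f"{user}: {'never used' if last is None else 'last used ' + last.isoformat()}")
```

Removing a flagged user with `aws iam delete-user` only succeeds after its access keys, login profile, MFA devices, attached and inline policies and group memberships have been removed; the console Delete in the steps above takes care of those for you.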