Managing IAM Users (part 2)
To read part 1, please click here
Deleting an IAM User
If a user leaves, you can delete their IAM user from your AWS account. If the user is away only temporarily, you can deactivate the user's access instead.
Deleting an IAM User (console)
When you delete a user from the console, IAM automatically deletes the following information:
- The user.
- Any user group memberships, i.e., the user is removed from all the IAM user groups where the user was a member.
- Any password linked with the user.
- Any access keys belonging to the user.
- All inline policies embedded in the user (however, policies applied via user group permissions remain unaffected).
- Any associated MFA devices.
To Delete an IAM User (console)
- Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
- In the navigation pane, select Users, then select the user name you want to delete.
- Choose Delete at the top of the page.
- In the confirmation dialog box, enter the user name in the text input field to confirm the deletion, then select Delete.
Deleting an IAM User (AWS CLI)
- Delete the user's password (if any). [aws iam delete-login-profile]
- Delete the user's access keys (if any). [aws iam list-access-keys; aws iam delete-access-key]
- Delete the user's signing certificate permanently. [aws iam list-signing-certificates; aws iam delete-signing-certificate]
- Delete the user's SSH public key (if any). [aws iam list-ssh-public-keys; aws iam delete-ssh-public-key]
- Delete the user's Git credentials. [aws iam list-service-specific-credentials; aws iam delete-service-specific-credential]
- Deactivate the user's MFA device (if any). [aws iam list-mfa-devices; aws iam deactivate-mfa-device; aws iam delete-virtual-mfa-device]
- Delete the user's inline policies. [aws iam list-user-policies; aws iam delete-user-policy]
- Detach any managed policies attached to the user. [aws iam list-attached-user-policies; aws iam detach-user-policy]
- Remove the user from any user groups. [aws iam list-groups-for-user; aws iam remove-user-from-group]
- Delete the user. [aws iam delete-user]
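The checklist above as one script, added here as an example and not part of the original article: it lists each kind of credential or attachment, removes it, and deletes the user last. The function names (`iam_list`, `purge`, `purge_mfa`, `delete_iam_user`) and the `IAM_USER` variable are made up for this example; group membership is removed with `aws iam remove-user-from-group`.

```bash
#!/bin/sh
# Added example, not from the original article: the CLI checklist as a script.
# Assumes the AWS CLI is installed and the caller may run these iam commands.

# Print one identifier per line for "aws iam <list-command>" on $IAM_USER.
iam_list() {  # usage: iam_list <list-command> <JMESPath query>
  aws iam "$1" --user-name "$IAM_USER" --query "$2" --output text |
    tr '\t' '\n' | grep -v -e '^None$' -e '^$' || true
}

# Delete or detach every item that a list command returns.
purge() {  # usage: purge <list-command> <query> <delete-command> <id-flag>
  for id in $(iam_list "$1" "$2"); do
    aws iam "$3" --user-name "$IAM_USER" "$4" "$id" || return 1
  done
}

# MFA takes two calls: deactivate, then delete the device if it is virtual.
purge_mfa() {
  for sn in $(iam_list list-mfa-devices 'MFADevices[].SerialNumber'); do
    aws iam deactivate-mfa-device --user-name "$IAM_USER" --serial-number "$sn" || return 1
    case "$sn" in
      arn:*:mfa/*) aws iam delete-virtual-mfa-device --serial-number "$sn" || return 1 ;;
    esac
  done
}

delete_iam_user() {
  IAM_USER="$1"
  [ -n "$IAM_USER" ] || { echo "usage: delete_iam_user <user-name>" >&2; return 2; }
  # A user with no console password makes this call fail (NoSuchEntity), so the
  # error is ignored; a password that really remains blocks delete-user below.
  aws iam delete-login-profile --user-name "$IAM_USER" 2>/dev/null || true
  # Stop at the first failure; delete-user runs only when every step succeeded.
  purge list-access-keys 'AccessKeyMetadata[].AccessKeyId' delete-access-key --access-key-id &&
  purge list-signing-certificates 'Certificates[].CertificateId' delete-signing-certificate --certificate-id &&
  purge list-ssh-public-keys 'SSHPublicKeys[].SSHPublicKeyId' delete-ssh-public-key --ssh-public-key-id &&
  purge list-service-specific-credentials 'ServiceSpecificCredentials[].ServiceSpecificCredentialId' delete-service-specific-credential --service-specific-credential-id &&
  purge_mfa &&
  purge list-user-policies 'PolicyNames[]' delete-user-policy --policy-name &&
  purge list-attached-user-policies 'AttachedPolicies[].PolicyArn' detach-user-policy --policy-arn &&
  purge list-groups-for-user 'Groups[].GroupName' remove-user-from-group --group-name &&
  aws iam delete-user --user-name "$IAM_USER"
}

if [ "$#" -gt 0 ]; then delete_iam_user "$1"; fi
```

Run it as `sh script.sh <user-name>`, or source the file and call `delete_iam_user <user-name>`. A non-zero exit status means something is still attached and the user was not deleted.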
Deactivating an IAM User
You can deactivate an IAM user who is away temporarily, keeping their credentials in place while still blocking their AWS access. To do that, create and attach a policy that denies the user's access to AWS, then restore access later.