vahdet

Reputation: 6749

AWS Console - Find and remove unused IAM roles

I have been messing around with Amazon Web Services (AWS) with one single account for quite a while. I created and removed several EC2 instances, Lambda functions, NAT gateways etc.

Through all those, I created too many new roles and now, after settling the stuff down, I have ended up with a pile of garbage IAM roles; there are many of them.

To clean up, I want to find the roles that are not attached to any kind of item, resource or user (or idle for a period maybe, etc.) and remove them.

I searched the net, but generally there are docs on reducing the permissions of a particular role, which is fine but not the thing I want.

Upvotes: 1

Views: 2577

Answers (1)

ben5556

Reputation: 3018

Log in to the AWS Management Console

Select your IAM role

Click the "Access Advisor" tab

The contents of this tab will display the last access time for each of the various services (S3, EC2, etc.)

Delete the role based on the last access time. Active roles should usually show a recent access time

To be able to do it programmatically see https://stackoverflow.com/a/46815052/7983309

Upvotes: 1
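The same procedure written against the boto3 IAM API, as an added example that is not part of the question or the answer above. It uses the Access Advisor calls that back the console tab (GenerateServiceLastAccessedDetails / GetServiceLastAccessedDetails), skips service-linked roles (which are owned by an AWS service and should not be deleted this way), and treats "no access recorded" differently for roles younger than the idle window, since a role created minutes ago has no data yet. The 90-day threshold, the function names and the sample roles at the bottom are my choices; the sample data is constructed in the shape boto3 returns so the classifier can be run offline.

```python
"""Classify IAM roles as active / idle / never-used from Access Advisor data.

Added example, not from the original answer. Live use needs boto3 and credentials
allowed to call iam:ListRoles, iam:GenerateServiceLastAccessedDetails,
iam:GetServiceLastAccessedDetails and, for cleanup, the Detach/Delete calls below.
"""
import time
from datetime import datetime, timedelta, timezone


def classify_role(role, services, now, max_idle_days=90):
    """Return 'service-linked', 'active', 'idle' or 'never-used'.

    `role` is shaped like one entry of iam.list_roles()['Roles'];
    `services` like get_service_last_accessed_details()['ServicesLastAccessed'].
    """
    # Service-linked roles live under this path and are managed by AWS; never delete them here.
    if role.get("Path", "/").startswith("/aws-service-role/"):
        return "service-linked"
    # Services the role has never authenticated to carry no LastAuthenticated key at all.
    seen = [s["LastAuthenticated"] for s in services if "LastAuthenticated" in s]
    if not seen:
        # Access Advisor has nothing for a brand-new role; do not flag it as garbage yet.
        if now - role["CreateDate"] < timedelta(days=max_idle_days):
            return "active"
        return "never-used"
    return "idle" if now - max(seen) > timedelta(days=max_idle_days) else "active"


def find_unused_roles(iam, now=None, max_idle_days=90, poll_seconds=1):
    """Walk every role, run an Access Advisor job for it and classify it (live AWS call)."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for page in iam.get_paginator("list_roles").paginate():
        for role in page["Roles"]:
            job_id = iam.generate_service_last_accessed_details(Arn=role["Arn"])["JobId"]
            while True:  # the job is asynchronous; poll until it leaves IN_PROGRESS
                resp = iam.get_service_last_accessed_details(JobId=job_id)
                if resp["JobStatus"] != "IN_PROGRESS":
                    break
                time.sleep(poll_seconds)
            if resp["JobStatus"] == "FAILED":
                report[role["RoleName"]] = "error"
                continue
            report[role["RoleName"]] = classify_role(
                role, resp["ServicesLastAccessed"], now, max_idle_days)
    return report


def delete_role_safely(iam, role_name):
    """DeleteRole is refused while policies or instance profiles are still attached."""
    for p in iam.list_attached_role_policies(RoleName=role_name)["AttachedPolicies"]:
        iam.detach_role_policy(RoleName=role_name, PolicyArn=p["PolicyArn"])
    for name in iam.list_role_policies(RoleName=role_name)["PolicyNames"]:
        iam.delete_role_policy(RoleName=role_name, PolicyName=name)
    for ip in iam.list_instance_profiles_for_role(RoleName=role_name)["InstanceProfiles"]:
        iam.remove_role_from_instance_profile(
            InstanceProfileName=ip["InstanceProfileName"], RoleName=role_name)
    iam.delete_role(RoleName=role_name)


# Constructed sample roles (hypothetical names) mirroring boto3 response shapes.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    ({"RoleName": "etl-lambda-role", "Path": "/", "CreateDate": NOW - timedelta(days=400)},
     [{"ServiceNamespace": "logs", "LastAuthenticated": NOW - timedelta(days=200)},
      {"ServiceNamespace": "s3"}]),                      # S3 never used, logs 200 days ago
    ({"RoleName": "web-instance-role", "Path": "/", "CreateDate": NOW - timedelta(days=400)},
     [{"ServiceNamespace": "ec2", "LastAuthenticated": NOW - timedelta(days=3)}]),
    ({"RoleName": "nat-experiment-role", "Path": "/", "CreateDate": NOW - timedelta(days=300)},
     [{"ServiceNamespace": "ec2"}]),                     # granted but never used
    ({"RoleName": "AWSServiceRoleForSupport",
      "Path": "/aws-service-role/support.amazonaws.com/",
      "CreateDate": NOW - timedelta(days=400)}, []),
    ({"RoleName": "fresh-role", "Path": "/", "CreateDate": NOW - timedelta(days=2)}, []),
]


def classify_sample():
    """Run the classifier over the constructed sample (no AWS access needed)."""
    return {role["RoleName"]: classify_role(role, svcs, NOW) for role, svcs in SAMPLE}


if __name__ == "__main__":
    for name, verdict in classify_sample().items():
        print(f"{verdict:14s} {name}")
    # Uncomment for a real account (dry run: it only reports, delete_role_safely is not called):
    # import boto3
    # for name, verdict in find_unused_roles(boto3.client("iam")).items():
    #     print(f"{verdict:14s} {name}")
```

Two caveats before trusting the output: Access Advisor only covers a limited tracking window (400 days at the time of writing), so "never-used" really means "not used within the window", and the data is per service, not per action, so a role that touched one API in a service shows that whole service as accessed. For a cheaper first pass, `iam.get_role(RoleName=...)["Role"]["RoleLastUsed"]` gives a single last-used timestamp per role (it is not included in `list_roles` output), which is enough to shortlist candidates before running the per-role Access Advisor jobs.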
