Use DeleteRole with an AWS SDK or CLI
The following code examples show how to use DeleteRole.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in
context in the following code examples:
- .NET
- SDK for .NET
/// <summary>
/// Delete an IAM role.
/// </summary>
/// <param name="roleName">The name of the IAM role to delete.</param>
/// <returns>A Boolean value indicating the success of the action.</returns>
public async Task<bool> DeleteRoleAsync(string roleName)
{
    var response = await _IAMService.DeleteRoleAsync(new DeleteRoleRequest { RoleName = roleName });
    return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
- Bash
- AWS CLI with Bash script
###############################################################################
# function iecho
#
# This function enables the script to display the specified text only if
# the global variable $VERBOSE is set to true.
###############################################################################
function iecho() {
  if [[ $VERBOSE == true ]]; then
    echo "$@"
  fi
}

###############################################################################
# function errecho
#
# This function outputs everything sent to it to STDERR (standard error output).
###############################################################################
function errecho() {
  printf "%s\n" "$*" 1>&2
}

###############################################################################
# function iam_delete_role
#
# This function deletes an IAM role.
#
# Parameters:
#       -n role_name -- The name of the IAM role.
#
# Returns:
#       0 - If successful.
#       1 - If it fails.
###############################################################################
function iam_delete_role() {
  local role_name response
  local option OPTARG # Required to use getopts command in a function.

  # bashsupport disable=BP5008
  function usage() {
    echo "function iam_delete_role"
    echo "Deletes an AWS Identity and Access Management (IAM) role"
    echo "  -n role_name -- The name of the IAM role."
    echo ""
  }

  # Retrieve the calling parameters.
  while getopts "n:h" option; do
    case "${option}" in
      n) role_name="${OPTARG}" ;;
      h)
        usage
        return 0
        ;;
      \?)
        echo "Invalid parameter"
        usage
        return 1
        ;;
    esac
  done
  export OPTIND=1

  echo "role_name:$role_name"
  if [[ -z "$role_name" ]]; then
    errecho "ERROR: You must provide a role name with the -n parameter."
    usage
    return 1
  fi

  iecho "Parameters:\n"
  iecho "    Role name:  $role_name"
  iecho ""

  response=$(aws iam delete-role \
    --role-name "$role_name")

  local error_code=${?}

  if [[ $error_code -ne 0 ]]; then
    aws_cli_error_log $error_code
    errecho "ERROR: AWS reports delete-role operation failed.\n$response"
    return 1
  fi

  iecho "delete-role response:$response"
  iecho

  return 0
}
- CLI
- AWS CLI
To delete an IAM role
The following delete-role command removes the role named Test-Role.
aws iam delete-role \
    --role-name Test-Role
This command produces no output.
Before you can delete a role, you must remove the role from any instance profile (remove-role-from-instance-profile), detach any managed policies (detach-role-policy) and delete any inline policies that are attached to the role (delete-role-policy).
For more information, see Creating IAM roles and Using instance profiles in the AWS IAM User Guide.
- Go
- SDK for Go V2
import (
	"context"
	"log"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/service/iam"
)

// RoleWrapper encapsulates AWS Identity and Access Management (IAM) role actions
// used in the examples.
// It contains an IAM service client that is used to perform role actions.
type RoleWrapper struct {
	IamClient *iam.Client
}

// DeleteRole deletes a role. All attached policies must be detached before a
// role can be deleted.
func (wrapper RoleWrapper) DeleteRole(ctx context.Context, roleName string) error {
	_, err := wrapper.IamClient.DeleteRole(ctx, &iam.DeleteRoleInput{
		RoleName: aws.String(roleName),
	})
	if err != nil {
		log.Printf("Couldn't delete role %v. Here's why: %v\n", roleName, err)
	}
	return err
}
- JavaScript
- SDK for JavaScript (v3)
Delete the role.
import { DeleteRoleCommand, IAMClient } from "@aws-sdk/client-iam";

const client = new IAMClient({});

/**
 *
 * @param {string} roleName
 */
export const deleteRole = (roleName) => {
  const command = new DeleteRoleCommand({ RoleName: roleName });
  return client.send(command);
};
- PowerShell
- Tools for PowerShell V4
Example 1: This example deletes the role named MyNewRole from the current IAM account. Before you can delete the role you must first use the Unregister-IAMRolePolicy command to detach any managed policies. Inline policies are deleted with the role.
Remove-IAMRole -RoleName MyNewRole
Example 2: This example detaches any managed policies from the role named MyNewRole and then deletes the role. The first line retrieves any managed policies attached to the role as a collection and then detaches each policy in the collection from the role. The second line deletes the role itself. Inline policies are deleted along with the role.
Get-IAMAttachedRolePolicyList -RoleName MyNewRole | Unregister-IAMRolePolicy -RoleName MyNewRole
Remove-IAMRole -RoleName MyNewRole
- Tools for PowerShell V5
Example 1: This example deletes the role named MyNewRole from the current IAM account. Before you can delete the role you must first use the Unregister-IAMRolePolicy command to detach any managed policies. Inline policies are deleted with the role.
Remove-IAMRole -RoleName MyNewRole
Example 2: This example detaches any managed policies from the role named MyNewRole and then deletes the role. The first line retrieves any managed policies attached to the role as a collection and then detaches each policy in the collection from the role. The second line deletes the role itself. Inline policies are deleted along with the role.
Get-IAMAttachedRolePolicyList -RoleName MyNewRole | Unregister-IAMRolePolicy -RoleName MyNewRole
Remove-IAMRole -RoleName MyNewRole
- Python
- SDK for Python (Boto3)
import logging

import boto3
from botocore.exceptions import ClientError

logger = logging.getLogger(__name__)
iam = boto3.resource("iam")


def delete_role(role_name):
    """
    Deletes a role.

    :param role_name: The name of the role to delete.
    """
    try:
        iam.Role(role_name).delete()
        logger.info("Deleted role %s.", role_name)
    except ClientError:
        logger.exception("Couldn't delete role %s.", role_name)
        raise
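The CLI section above states that instance-profile membership, managed policies and inline policies must be removed before a role can be deleted. The following added example (not part of the AWS documentation) builds that ordered list of boto3 IAM client calls and executes it only when `dry_run` is False, so the plan can be reviewed first. `plan_role_deletion`, `delete_role_with_dependencies` and the `StubIAM` class with its sample names are constructed for illustration; pass `boto3.client("iam")` in place of the stub for real use.

```python
def _pages(call, key, **kwargs):
    """Yield every item of a paginated IAM list call (IsTruncated/Marker)."""
    while True:
        page = call(**kwargs)
        yield from page.get(key, [])
        if not page.get("IsTruncated"):
            return
        kwargs["Marker"] = page["Marker"]

def plan_role_deletion(iam, role_name):
    """Return the ordered (operation, kwargs) calls, ending with delete_role."""
    r = {"RoleName": role_name}
    steps = []
    for p in _pages(iam.list_instance_profiles_for_role, "InstanceProfiles", **r):
        steps.append(("remove_role_from_instance_profile",
                      {**r, "InstanceProfileName": p["InstanceProfileName"]}))
    for p in _pages(iam.list_attached_role_policies, "AttachedPolicies", **r):
        steps.append(("detach_role_policy", {**r, "PolicyArn": p["PolicyArn"]}))
    for name in _pages(iam.list_role_policies, "PolicyNames", **r):
        steps.append(("delete_role_policy", {**r, "PolicyName": name}))
    steps.append(("delete_role", r))
    return steps

def delete_role_with_dependencies(iam, role_name, dry_run=True):
    """Plan the deletion; run it only when dry_run is False. Returns the plan."""
    steps = plan_role_deletion(iam, role_name)
    if not dry_run:
        for operation, kwargs in steps:
            getattr(iam, operation)(**kwargs)
    return steps

class StubIAM:
    """Constructed stand-in for an IAM client; records mutating calls."""
    def __init__(self):
        self.calls = []
    def list_instance_profiles_for_role(self, **kw):
        return {"InstanceProfiles": [{"InstanceProfileName": "web-profile"}]}
    def list_attached_role_policies(self, **kw):
        if "Marker" not in kw:  # first page is truncated to exercise pagination
            return {"AttachedPolicies": [{"PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}],
                    "IsTruncated": True, "Marker": "m1"}
        return {"AttachedPolicies": [{"PolicyArn": "arn:aws:iam::111122223333:policy/app"}]}
    def list_role_policies(self, **kw):
        return {"PolicyNames": ["inline-logs"]}
    def __getattr__(self, name):  # any other operation is only recorded
        return lambda **kw: self.calls.append((name, kw))

if __name__ == "__main__":
    for step in delete_role_with_dependencies(StubIAM(), "Test-Role"):
        print(step)
```
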
- Ruby
- SDK for Ruby
  # Deletes a role and its attached policies.
  #
  # @param role_name [String] The name of the role to delete.
  def delete_role(role_name)
    # Detach and delete attached policies
    @iam_client.list_attached_role_policies(role_name: role_name).each do |response|
      response.attached_policies.each do |policy|
        @iam_client.detach_role_policy({
                                         role_name: role_name,
                                         policy_arn: policy.policy_arn
                                       })
        # Check if the policy is a customer managed policy (not AWS managed)
        unless policy.policy_arn.include?('aws:policy/')
          @iam_client.delete_policy({ policy_arn: policy.policy_arn })
          @logger.info("Deleted customer managed policy #{policy.policy_name}.")
        end
      end
    end

    # Delete the role
    @iam_client.delete_role({ role_name: role_name })
    @logger.info("Deleted role #{role_name}.")
  rescue Aws::IAM::Errors::ServiceError => e
    @logger.error("Couldn't detach policies and delete role #{role_name}. Here's why:")
    @logger.error("\t#{e.code}: #{e.message}")
    raise
  end
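- Rust
- SDK for Rust
use aws_sdk_iam::types::Role;
use aws_sdk_iam::{Client as iamClient, Error as iamError};
use tokio::time::{sleep, Duration};

pub async fn delete_role(client: &iamClient, role: &Role) -> Result<(), iamError> {
    let role = role.clone();
    // Retries every 2 seconds until delete_role succeeds; every error,
    // retryable or not, triggers another attempt.
    while client
        .delete_role()
        .role_name(role.role_name())
        .send()
        .await
        .is_err()
    {
        sleep(Duration::from_secs(2)).await;
    }
    Ok(())
}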
- SAP ABAP
- SDK for SAP ABAP
    TRY.
        lo_iam->deleterole( iv_rolename = iv_role_name ).
        MESSAGE 'Role deleted successfully.' TYPE 'I'.
      CATCH /aws1/cx_iamnosuchentityex.
        MESSAGE 'Role does not exist.' TYPE 'E'.
      CATCH /aws1/cx_iamdeleteconflictex.
        MESSAGE 'Role cannot be deleted due to attached resources.' TYPE 'E'.
    ENDTRY.
- Swift
- SDK for Swift
import AWSIAM
import AWSS3

    public func deleteRole(role: IAMClientTypes.Role) async throws {
        let input = DeleteRoleInput(
            roleName: role.roleName
        )
        do {
            _ = try await iamClient.deleteRole(input: input)
        } catch {
            print("ERROR: deleteRole:", dump(error))
            throw error
        }
    }
For a complete list of AWS SDK developer guides and code examples, see
Using this service with an AWS SDK.
This topic also includes information about getting started and details about previous SDK versions.