Deleting Amazon Verified Permissions policy store aliases
You can delete a policy store alias when it is no longer needed. Deleting a policy store alias does not affect the associated policy store. Deleting a policy store deletes all policy store aliases associated with that policy store.
Amazon Verified Permissions supports two deletion modes for policy store aliases:
-
Soft delete (default): The policy store alias enters a
PendingDeletionstate. The policy store alias name is reserved for 24 hours and cannot be reused during this period. During this period,GetPolicyStoreAliasreturns the policy store alias with thePendingDeletionstate. This is the default behavior when you don't specify adeletionMode, or when you specifySoftDelete. -
Hard delete: The policy store alias is immediately deleted. The policy store alias name becomes available for reuse immediately. To perform a hard delete, specify
HardDeleteas thedeletionMode.
Soft deleting a policy store alias
By default, deleting a policy store alias performs a soft delete. The policy store alias enters the PendingDeletion state and the policy store alias name is reserved for 24 hours.
Hard deleting a policy store alias
To immediately delete a policy store alias, specify HardDelete as the deletionMode. A hard-deleted policy store alias does not enter the PendingDeletion state and the policy store alias name becomes available for reuse immediately.
If you hard delete a policy store alias that was previously soft deleted, the policy store alias is immediately deleted.
Important
Amazon Verified Permissions is eventually consistent. If you hard delete a policy store alias and immediately recreate it to point to a different policy store, requests that reference the policy store alias may continue to resolve to the previously associated policy store for a short period of time. To avoid unexpected authorization results, allow time for the deletion to propagate before recreating a policy store alias with the same name.
