Revoke permissions from an IAM role

Last updated:2021-10-29 17:57:30

This topic describes how to revoke permissions from an IAM role when the IAM role does not require specific permissions or leaves the enterprise.

Limits

The policy of a service-linked role is defined by the service. You cannot revoke permissions from the role.

Method 1: Revoke permissions from a role on the Roles page

  1. Log in to the IAM console.
  2. In the left navigation pane, click Roles.
  3. On the Roles page, click the name of the target role. The Role details page appears.
  4. Click the Permissions tab. In the policy list, find the target policy and click Revoke in the Actions column.
  5. In the message that appears, click OK.

Method 2: Revoke permissions from a role on the Grants page

  1. Log in to the IAM console.
  2. In the left navigation pane, choose Permissions > Grants. The Grants page appears.
  3. Find the target policy and click Revoke in the Actions column.
  4. In the message that appears, click OK.

Method 3: Revoke permissions from a role on the Policies page

  1. Log in to the IAM console.
  2. In the left navigation pane, choose Permissions > Policies. The Policies page appears.
  3. Click the name of the target policy. The Policy details page appears.
  4. Click the Associated object tab.
  5. Find the target object and click Remove in the Actions column.
  6. In the message that appears, click Confirm.

Did you find the above information helpful?

Unhelpful
Mostly Unhelpful
A little helpful
Helpful
Very helpful

What might be the problems?

Insufficient
Outdated
Unclear or awkward
Redundant or clumsy
Lack of context for the complex system or functionality

More suggestions

0/200

Please give us your feedback.

Submitted

Thank you for your feedback.

问题反馈