remove effected inline policy

Hello Team,

Could you please help me to know how can we delete an inline police which doesn't exists outside a role that is when there is no identity attached to it. and we would like remove it as its coming up in the effected policies.

Regards, Viswa Jenny

Topics

Security, Identity, & Compliance

Tags

AWS Identity and Access Management IAM Policies

Language

English

Viswa

asked a year ago274 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

The steps to do this in the AWS Console are at https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html#remove-policies-console

With the AWS CLI use aws iam delete-role-policy --role-name [my_role] --policy-name [my_inline_policy] https://docs.aws.amazon.com/cli/latest/reference/iam/delete-role-policy.html

EXPERT

Steve_M

answered a year ago

Viswa
a year ago
But as per my understanding the inline policy doesn't exists outside a role, so how can we do that?

Steve_M EXPERT

a year ago

In AWS Console create MyTestRole, with a managed policy (EC2 Full Access) and an inline policy.

$ aws iam get-role --role-name MyTestRole
{
    "Role": {
        "Path": "/",
        "RoleName": "MyTestRole",
        "RoleId": "ABCDEFGHIJKLMNOPQRSTU",
        "Arn": "arn:aws:iam::999999999999:role/MyTestRole",
        "CreateDate": "2023-05-08T01:05:52+00:00",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "ec2.amazonaws.com"
                    },
                    "Action": "sts:AssumeRole"
                }
            ]
        },
        "Description": "Allows EC2 instances to call AWS services on your behalf.",
        "MaxSessionDuration": 3600,
        "RoleLastUsed": {}
    }
}
$ aws iam list-role-policies --role-name MyTestRole
{
    "PolicyNames": [
        "TestInlinePolicy"
    ]
}

Delete the inline policy:

$ aws iam delete-role-policy --role-name MyTestRole --policy-name TestInlinePolicy
$ aws iam list-role-policies --role-name MyTestRole
{
    "PolicyNames": []
}

Back on the AWS Console the role only has the managed policy, and no inline policy any more.

Viswa
a year ago
yeah maybe its correct if the role exists. But in my case the policy itself can't be opened, it just popped in the notification that this policy is effected to which no role is attached.
Steve_M EXPERT
a year ago
OK, so there's an inline policy that is not embedded within any user/group/role, but yet still exists.

Is it definitely inline policy, and not a customer-managed policy ?

What is the output of aws iam list-policies --scope=Local

Relevant content

Issue with Inline Policy
Accepted Answer
Arjun Goel
asked 2 months ago
Amazon EKS inline policy ( custom policy)
Naveen
asked a month ago
Attach an existing policy to an existing role in CloudFormation
Accepted Answer
EXPERT
Alex_T
asked 4 years ago
When I am adding an inline policy to the user. It is saying memory exceeded
rePost-User-1788057
asked a year ago
How can I attach an IAM managed policy to an IAM role in AWS CloudFormation?
AWS OFFICIALUpdated 3 years ago
How can I restrict access to a specific IAM role session using an IAM identity-based policy?
AWS OFFICIALUpdated 2 years ago
How can I deploy an Amazon SageMaker model to a different AWS account?
AWS OFFICIALUpdated 9 months ago
How can I avoid getting a PackedPolicyTooLarge error when I assume an IAM role via AWS STS?
AWS OFFICIALUpdated a year ago
Why do I get an error "The snapshot is currently in use by AMI" when I try to delete an EBS snapshot, even though there is no AMI on the account?
EXPERT
Dnyaneshwar Bhosale DB
published 5 months ago
How to use re:Post to help you harness generative AI on AWS
EXPERT
Stuart Myles
published a year ago