Remediation

Remove Unused IAM Users

Remove IAM users that do not have an enabled console password or active programmatic access keys to reduce administrative overhead and minimize the identity attack surface.

From Console

Sign in to the AWS Management Console.
Navigate to the IAM service.
In the left navigation pane, choose Users.
Select the IAM user you want to remove (refer to the Audit section to identify applicable users).
From the User actions dropdown menu, select Delete user.
In the Delete user dialog, review the associated resources and confirm by selecting Yes, delete.
Repeat steps 4–6 for each unused IAM user in the account.

From Command Line

Run the delete-user command to remove a specified IAM user:

aws iam delete-user \
    --user-name {{user-name}}

Remove Unused IAM Users​

From Console​

From Command Line​

Remove Unused IAM Users

From Console

From Command Line