@electblake
Created March 12, 2026 20:12
Remove-IAMUser
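function Remove-IAMUser {
    <#
    .SYNOPSIS
    Deletes every IAM user in the current AWS account except those matching -Exclude.

    .DESCRIPTION
    Lists all IAM users through the AWS CLI, drops the names that match any
    -Exclude pattern, asks for an explicit confirmation, and then, for each
    remaining user, removes access keys, the login profile, MFA devices,
    attached managed policies, group memberships and inline policies before
    deleting the user itself.

    The account acted on is whatever the AWS CLI's active credentials and
    profile resolve to; check it (for example with
    `aws sts get-caller-identity`) before answering the prompt.

    .PARAMETER Exclude
    Patterns for user names to keep. Each one is applied with -match, so it is
    a case-insensitive regular expression that may match anywhere in the name.
    Anchor a pattern with ^ and $ to keep exactly one name.
    #>
    param([string[]]$Exclude)

    # Reject unparsable patterns up front: an exclusion that errors while being
    # evaluated must not silently fail to protect a user from deletion.
    foreach ($pattern in $Exclude) {
        try {
            [void][regex]$pattern
        }
        catch {
            Write-Error "Invalid -Exclude pattern '$pattern'; nothing was deleted."
            return
        }
    }

    $listing = aws iam list-users
    if ($LASTEXITCODE -ne 0) {
        Write-Error "aws iam list-users failed (exit code $LASTEXITCODE); nothing was deleted."
        return
    }
    $users = @(
        ($listing | ConvertFrom-Json).Users |
            ForEach-Object { $_.UserName } |
            Where-Object { $_ }
    )

    if ($Exclude) {
        $users = @($users | Where-Object {
            $u = $_
            @($Exclude | Where-Object { $u -match $_ }).Count -eq 0
        })
    }

    $count = $users.Count
    if ($count -eq 0) {
        Write-Warning 'No IAM users left to delete after applying -Exclude.'
        return
    }

    Write-Warning "Will delete $count users"
    if ((Read-Host 'Continue? (YES/no)') -ne 'YES') { return }

    $failed = @()
    $i = 0
    foreach ($user in $users) {
        $i++
        $pct = [math]::Round(100 * $i / $count)
        $ProgressLabel = "[$i/$count] Deleting $user"
        Write-Progress $ProgressLabel -Status "$pct%" -CurrentOperation $user -PercentComplete $pct

        # The prerequisite clean-up below is best effort: stderr is discarded
        # because several of these calls fail harmlessly when there is nothing
        # to remove. Property access inside the status strings needs $(...),
        # otherwise the whole object is rendered followed by a literal ".Name".
        (aws iam list-access-keys --user-name $user | ConvertFrom-Json).AccessKeyMetadata |
            Where-Object { $_ } | ForEach-Object {
                Write-Progress $ProgressLabel -Status "$pct% Deleting access key $($_.AccessKeyId)" -CurrentOperation $user -PercentComplete $pct
                aws iam delete-access-key --user-name $user --access-key-id $_.AccessKeyId 2>$null
            }

        Write-Progress $ProgressLabel -Status "$pct% Deleting login profile" -CurrentOperation $user -PercentComplete $pct
        aws iam delete-login-profile --user-name $user 2>$null

        (aws iam list-mfa-devices --user-name $user | ConvertFrom-Json).MFADevices |
            Where-Object { $_ } | ForEach-Object {
                Write-Progress $ProgressLabel -Status "$pct% Deactivating MFA device $($_.SerialNumber)" -CurrentOperation $user -PercentComplete $pct
                aws iam deactivate-mfa-device --user-name $user --serial-number $_.SerialNumber 2>$null
                aws iam delete-virtual-mfa-device --serial-number $_.SerialNumber 2>$null
            }

        (aws iam list-attached-user-policies --user-name $user | ConvertFrom-Json).AttachedPolicies |
            Where-Object { $_ } | ForEach-Object {
                Write-Progress $ProgressLabel -Status "$pct% Detaching policy $($_.PolicyArn)" -CurrentOperation $user -PercentComplete $pct
                aws iam detach-user-policy --user-name $user --policy-arn $_.PolicyArn 2>$null
            }

        (aws iam list-groups-for-user --user-name $user | ConvertFrom-Json).Groups |
            Where-Object { $_ } | ForEach-Object {
                Write-Progress $ProgressLabel -Status "$pct% Removing user from group $($_.GroupName)" -CurrentOperation $user -PercentComplete $pct
                aws iam remove-user-from-group --user-name $user --group-name $_.GroupName 2>$null
            }

        (aws iam list-user-policies --user-name $user | ConvertFrom-Json).PolicyNames |
            Where-Object { $_ } | ForEach-Object {
                Write-Progress $ProgressLabel -Status "$pct% Deleting user policy $_" -CurrentOperation $user -PercentComplete $pct
                aws iam delete-user-policy --user-name $user --policy-name $_ 2>$null
            }

        Write-Progress $ProgressLabel -Status "$pct% Deleting user" -CurrentOperation $user -PercentComplete $pct
        aws iam delete-user --user-name $user 2>$null
        # The final delete is the step that matters, so its outcome is checked.
        # IAM rejects it while the user still owns items this function does not
        # remove (for example SSH public keys, signing certificates or
        # service-specific credentials).
        if ($LASTEXITCODE -ne 0) {
            $failed += $user
            Write-Warning "Could not delete $user (aws exit code $LASTEXITCODE); the user may be left partially stripped."
        }
    }

    Write-Progress $ProgressLabel -Completed
    if ($failed.Count -gt 0) {
        Write-Warning "$($failed.Count) of $count users were not deleted: $($failed -join ', ')"
    }
    Write-Host "Done." -ForegroundColor Green
}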
@electblake

AWS ❯ . ./Remove-IAMUser.ps1
AWS ❯ Remove-IAMUser -Exclude bedwards, apps_platform_dev,App_Platform_Staging  -Verbose
WARNING: Will delete 61 users
Continue? (YES/no): YES
[8/61] Deleting jstrom [13% Detaching policy @{PolicyName=IAMUserChangePassword; PolicyArn=arn:aws:iam::aws:poli…]
