← All posts
3 min read

IAM Advanced: Delete account password policy from the CLI

#aws#cli#iam-advanced#security#identity
📑 On this page

Part 142 of AWS from Zero. This is lesson 17 in the IAM Advanced track.

What we are learning

Use delete-account-password-policy to remove, stop, release, or detach one IAM Advanced resource in a dependency-aware way. This lesson identifies the required input shape, saves the raw response, and keeps inspection separate from execution.

The AWS CLI operation is aws iam delete-account-password-policy. Required operation inputs: none. The modeled top-level response contains no modeled response body.

Before you run it

aws sts get-caller-identity
REGION="${AWS_REGION:-ap-south-1}"
aws iam delete-account-password-policy help

Use a sandbox account or an approved learning environment. Read the operation help before supplying identifiers, ARNs, network ranges, policy documents, or customer data.

Cost note: IAM itself has no additional charge, but identities can authorize billable services.

The command

aws iam delete-account-password-policy \
  --generate-cli-skeleton input > part-142-request.json
 
# Edit every placeholder in part-142-request.json, then run:
aws iam delete-account-password-policy \
  --cli-input-json file://part-142-request.json \
  --region "$REGION" \
  --output json > part-142-response.json

The response is saved to part-142-response.json so inspection is separate from execution. Review part-142-request.json, replace every placeholder, and remove unsupported optional fields before the real call.

Inspect the result

# A zero-byte response can be normal for operations without a response body.
wc -c part-142-response.json
aws iam help

Compare the returned identifiers and status fields with the account, Region, and resource you intended to target. For asynchronous operations, continue with the service's matching get, list, or describe command until it reaches a terminal state.

One tiny variation

test -s part-142-response.json \
  && node -e "console.log(require('./part-142-response.json'))" \
  || echo "The operation returned no response document."

This variation changes output inspection rather than adding another infrastructure concept. Keep the raw JSON while developing a query so a narrow projection does not hide an error or unexpected field.

Common mistake

Deletion and stop operations can be irreversible or blocked by dependencies. Capture the resource identifier and current configuration before running the final command.

Cleanup

# This operation is read-only, operational, or needs resource-specific rollback.
# Re-read the command output before changing shared infrastructure.
rm -f part-142-request.json part-142-response.json part-142-payload.bin part-142-debug.log

Local request and response files may contain account IDs, ARNs, names, or service configuration. Remove them when the lab is complete and follow dependency-aware cleanup for any AWS resource you created.

Next, we will learn IAM Advanced: Change password from the CLI.

Official AWS CLI reference