Revoking Aimably's AWS Access

Aimably Documentation > Data Integrations > Revoking Aimably's AWS Access

Aimably uses roles with limited permission sets to work with your AWS account(s) and organization(s). Only IAM users with advanced permissions in AWS accounts can add or remove these roles. Therefore, revoking Aimably's access to your AWS organization must be performed in your AWS Management Console.


Aimably Access Removal

Aimably's access is granted via a custom IAM role that is prefixed with the name 'Aimably-IAM-Role.' To revoke access, start by signing in to the managing account's AWS Management Console with a user possessing sufficient permissions to create IAM StackSets, roles, and policies in that account.'

Next, in the search bar at the top of the page type 'IAM' and select the first option in the Features search results to launch the IAM manager.

Next, select 'Roles' from the left side menu in the IAM manager.

Then, find the Aimably-IAM-Role in the list of permitted roles. Check the box next to the role name and click Delete.

Congratulations! Basic Aimably access to your AWS organization has been revoked. No future data can be synced with Aimably.


StackSet Inter-Account Access Removal

If your company required StackSet implementation to grant access to blocked member accounts, you will also want to remove the StackSet from your organization as it was installed purely for Aimably purposes. This is not required as Aimably cannot access these roles directly, however removing the StackSet will keep your account clean.

Start by typing 'StackSets' into the search bar at the top of the page and select the first option in the Features search results to launch the StackSets manager.

Next, find the Aimably StackSet and click on the name.

Using the Actions button in the top right of the screen, click Delete Stacks. This process can take some time.

Once all Stack Instances are deleted, use the Actions button to delete the StackSet entirely.

Congratulations! StackSet Access between your managing and member accounts has been removed.


For more information on Aimably's connection with AWS, please refer to this guide: FAQ: Understanding How Aimably Retrieves AWS Account Data