NetApp Knowledge Base

Can I remove an AWS IAM User used for deploying an Agent?

Category:
cloud-manager
Specialty:
cloud

Applies to

  • NetApp Console Agent
  • AWS IAM

Answer

You may find an AWS IAM user that is inactive, or one that is periodically active on IAM and FSx to check for new resources. This user is typically used to deploy the Agent initially; after deployment, the Agent uses an IAM role rather than the user.

The inactive IAM user can be safely deleted from AWS if you have confirmed that:
  • The new agent is deployed and using an IAM role.
  • The old IAM user is not attached to any active resources, policies, or automation.
  • There are no access keys or policies in use by this user for backup, automation, or other workloads.

Recommended Steps:
  • Review all resources and policies in AWS to ensure the IAM user is not in use.
  • Temporarily disable the user’s access keys and permissions instead of deleting the user.
  • Monitor for any failures or alerts in CVO or related automation.
  • If no issues arise, proceed with deletion.
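
One way to support the review and monitoring steps above is to read the IAM credential report (`aws iam generate-credential-report`, then `aws iam get-credential-report`) and classify the deployment user by when and where its credentials were last used. This is an added example, not NetApp code; the user names, the sample report rows, and the 30-day idle threshold are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the CSV layout returned by `aws iam get-credential-report`
# (decoded, trimmed to the columns used here). User names are hypothetical.
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_1_last_used_service,access_key_2_active,access_key_2_last_used_date,access_key_2_last_used_service
agent-deployer,false,N/A,true,2025-01-10T08:00:00+00:00,fsx,false,N/A,N/A
old-deployer,false,N/A,true,2024-06-01T12:00:00+00:00,iam,true,N/A,N/A
retired-deployer,false,N/A,false,2024-03-01T09:30:00+00:00,iam,false,N/A,N/A
"""

def _when(value):
    """Parse a report timestamp; 'N/A' and 'no_information' become None."""
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None

def assess_user(report_csv, user, now, idle_days=30):
    """Classify one IAM user from the report (idle_days is an assumed threshold)."""
    rows = csv.DictReader(io.StringIO(report_csv))
    row = next((r for r in rows if r["user"] == user), None)
    if row is None:
        raise KeyError(f"{user} not in credential report")
    active, uses = [], []
    for n in ("1", "2"):
        if row[f"access_key_{n}_active"] == "true":
            active.append(f"access_key_{n}")
        used = _when(row[f"access_key_{n}_last_used_date"])
        if used:
            uses.append((used, row[f"access_key_{n}_last_used_service"]))
    if row["password_enabled"] == "true":
        active.append("password")
    pw_used = _when(row["password_last_used"])
    if pw_used:
        uses.append((pw_used, "console"))
    last_used, last_service = max(uses, default=(None, None))
    if last_used and now - last_used < timedelta(days=idle_days):
        verdict = "in use: find the caller before changing anything"
    elif active:
        verdict = "idle: disable credentials, then monitor"
    else:
        verdict = "no active credentials: delete once monitoring stays clean"
    return {"active": active, "last_used": last_used,
            "last_service": last_service, "verdict": verdict}
```

The credential report covers passwords and access keys only; policy attachments and references to the user in automation still need the separate review listed above.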

Additional Information

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.