Overview

Records when an AWS IAM policy is deleted via the DeletePolicy API operation. This is a critical security event as it permanently removes permission definitions that may be attached to users, groups, or roles.

When Generated:
  • When an administrator deletes an IAM policy via the AWS Console
  • When the DeletePolicy API is called programmatically (CLI, SDK, Terraform)
  • During automated policy cleanup processes
  • When cleaning up test or temporary policies
  • During security incident response (removing compromised policies)

Security Relevance: Critical
Compliance: SOC 2, PCI DSS, HIPAA, SOX, ISO 27001, NIST
Frequency Notes: Low-frequency event. Policy deletions are infrequent but critical administrative actions.
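
A triage pass over DeletePolicy records, as an added example that is not part of the original page or of any tool it describes. The sample records are constructed, and the account ID, principal names and the approved-principal allowlist are assumptions.

```python
# Constructed CloudTrail records for illustration; account ID and names are placeholders.
SAMPLE = [
    {"eventSource": "iam.amazonaws.com", "eventName": "DeletePolicy",
     "eventTime": "2024-01-01T10:00:00Z", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"policyArn": "arn:aws:iam::111122223333:policy/tmp-test"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "DeletePolicy",
     "eventTime": "2024-01-01T23:40:00Z", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ci-deployer/job-42",
                      "sessionContext": {"sessionIssuer": {
                          "arn": "arn:aws:iam::111122223333:role/ci-deployer"}}},
     "requestParameters": {"policyArn": "arn:aws:iam::111122223333:policy/audit-read"}},
    # Denied calls can carry a null requestParameters; the triage must not crash on it.
    {"eventSource": "iam.amazonaws.com", "eventName": "DeletePolicy",
     "eventTime": "2024-01-02T02:15:00Z", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "errorCode": "AccessDenied", "requestParameters": None},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreatePolicy",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
]
# Assumption: principals allowed to delete policies in this account.
APPROVED = {"arn:aws:iam::111122223333:user/alice"}

def principal(identity):
    """Return a stable principal ARN; for role sessions use the issuing role."""
    if identity.get("type") == "AssumedRole":
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        return issuer.get("arn", identity.get("arn", "unknown"))
    return identity.get("arn", "unknown")

def triage_delete_policy(records, approved=APPROVED):
    """Classify each IAM DeletePolicy record by outcome and caller."""
    findings = []
    for rec in records:
        if (rec.get("eventSource"), rec.get("eventName")) != ("iam.amazonaws.com", "DeletePolicy"):
            continue
        actor = principal(rec.get("userIdentity") or {})
        policy = (rec.get("requestParameters") or {}).get("policyArn", "unknown")
        error = rec.get("errorCode")
        if error:
            severity, reason = "medium", f"failed attempt ({error})"
        elif actor not in approved:
            severity, reason = "high", "deleted by unapproved principal"
        else:
            severity, reason = "info", "deleted by approved principal"
        findings.append({"time": rec.get("eventTime"), "actor": actor, "policy": policy,
                         "source_ip": rec.get("sourceIPAddress"),
                         "severity": severity, "reason": reason})
    return findings
```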

Generation Configuration

Base Frequency: 3 events/hour
Time Patterns: business_hours, night_hours, weekend
Business Hours Multiplier: 3.0x
Night Hours Multiplier: 0.2x
Weekend Multiplier: 0.1x