AWS_IAM_44

Ensure AWS IAM policies allow only the required privileges for each role

Description

IAM policies are the means by which privileges are granted to users, groups, or roles. IAM Policies should follow the standard principle of least privilege – granting only the permissions required to perform a task.
It is recommended to begin with a minimum set of permissions and grant additional permissions as necessary, instead of allowing full administrative privileges.

Remediation

From Portal:
Perform the following to detach the policy that has excessive administrative privileges:
1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
2. In the navigation pane, click Policies and then search for the policy name.
3. Select the policy that needs to be deleted.
4. In the policy action menu, first select Detach.
5. Select all users, groups, and roles that have this policy attached.
6. Click Detach Policy.
7. In the policy action menu, select Detach.

From Command Line:
1. List all IAM users, groups, and roles that the specified managed policy is attached to; identify and note any excessive privileges:
aws iam list-entities-for-policy --policy-arn policy_arn
2. Detach the policy from all IAM users:
aws iam detach-user-policy --user-name iam_user --policy-arn policy_arn
3. Detach the policy from all IAM groups:
aws iam detach-group-policy --group-name iam_group --policy-arn policy_arn
4. Detach the policy from all IAM roles:
aws iam detach-role-policy --role-name iam_role --policy-arn policy_arn
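The following is an added example, not part of this rule's text: it flags a policy document as full-administrative when an Allow statement grants Action "*" on Resource "*", then turns a list-entities-for-policy response into the three detach calls the CLI steps above perform. The entity names, IDs and the policy ARN are constructed placeholders, and no AWS calls are made.

```python
import json

# Constructed sample in the shape returned by `aws iam list-entities-for-policy`
# (names and IDs are placeholders, not real identifiers).
SAMPLE_ENTITIES = {
    "PolicyUsers": [{"UserName": "example-user", "UserId": "AIDAEXAMPLE"}],
    "PolicyGroups": [{"GroupName": "example-group", "GroupId": "AGPAEXAMPLE"}],
    "PolicyRoles": [{"RoleName": "example-role", "RoleId": "AROAEXAMPLE"}],
}

# Constructed sample policy document granting full administrative access.
SAMPLE_ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

def _as_list(value):
    """IAM policy elements may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def is_full_admin(policy_doc):
    """True if any Allow statement grants every action on every resource."""
    for stmt in _as_list(policy_doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen privileges
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in actions and "*" in resources:
            return True
    return False

def plan_detach(entities, policy_arn):
    """Build the detach calls for every attached user, group and role.
    Returns (iam_api_method, kwargs) pairs mirroring the three CLI commands."""
    calls = []
    for u in entities.get("PolicyUsers", []):
        calls.append(("detach_user_policy", {"UserName": u["UserName"], "PolicyArn": policy_arn}))
    for g in entities.get("PolicyGroups", []):
        calls.append(("detach_group_policy", {"GroupName": g["GroupName"], "PolicyArn": policy_arn}))
    for r in entities.get("PolicyRoles", []):
        calls.append(("detach_role_policy", {"RoleName": r["RoleName"], "PolicyArn": policy_arn}))
    return calls

if __name__ == "__main__":
    arn = "arn:aws:iam::123456789012:policy/PLACEHOLDER-ADMIN-POLICY"  # placeholder
    if is_full_admin(SAMPLE_ADMIN_POLICY):
        for method, kwargs in plan_detach(SAMPLE_ENTITIES, arn):
            print(method, json.dumps(kwargs))  # review this plan before executing it
```

Each planned call maps one-to-one onto the detach-user-policy, detach-group-policy and detach-role-policy commands in the steps above, so the plan can be reviewed before anything is changed.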

References:
1. https://docs.amazonaws.cn/en_us/IAM/latest/UserGuide/best-practices.html#grant-least-privilege
2. https://docs.amazonaws.cn/en_us/IAM/latest/UserGuide/access_policies.html
3. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/detach-group-policy.html
4. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/detach-role-policy.html
5. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/detach-user-policy.html
6. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/list-entities-for-policy.html

Service

IAM

Severity

Low

Compliance

Mapping
