I'm unable to delete a role policy from my AWS account with Boto3. I get an error:
botocore.errorfactory.NoSuchEntityException: An error occurred (NoSuchEntity) when calling the DeleteRolePolicy operation: The role policy with name potatoman9000Policy cannot be found.
The policy and role are created and deleted within the same script. The policy is detached before this particular bit of code runs. I'm not sure why it's finding the policy name.
Here is the creation:
import json

import boto3


# Create IAM policy and Role
def iam_creation(client_name):
    iam_client = boto3.client('iam')

    # Policy template
    client_onboarding_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowListingOfUserFolder",
                "Action": [
                    "s3:ListBucket",
                    "s3:GetBucketLocation"
                ],
                "Effect": "Allow",
                "Resource": [
                    f"arn:aws:s3:::{client_name}"
                ]
            },
            {
                "Sid": "HomeDirObjectAccess",
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:DeleteObjectVersion",
                    "s3:DeleteObject",
                    "s3:GetObjectVersion"
                ],
                "Resource": f"arn:aws:s3:::{client_name}/*"
            }
        ]
    }

    # Role template (trust policy)
    role_onboarding_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Service": [
                        "transfer.amazonaws.com",
                        "s3.amazonaws.com"
                    ]
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }

    # Create policy from template
    iam_client.create_policy(
        PolicyName=f'{client_name}Policy',
        PolicyDocument=json.dumps(client_onboarding_policy)
    )

    # Create Role from template and create trust relationships
    iam_client.create_role(
        RoleName=f'{client_name}',
        AssumeRolePolicyDocument=json.dumps(role_onboarding_policy)
    )

    # Attach created policy to created role
    iam_client.attach_role_policy(
        PolicyArn=f'arn:aws:iam::111111111111:policy/{client_name}Policy',
        RoleName=f'{client_name}'
    )
The creation goes off without any issues. Here is the delete:
import boto3


# Delete IAM policy and role
def iam_delete(client_name):
    iam_client = boto3.client('iam')
    iam_resource = boto3.resource('iam')
    role_policy = iam_resource.RolePolicy(f'{client_name}', f'{client_name}Policy')
    role = iam_resource.Role(f'{client_name}')

    # Detach policy from role
    iam_client.detach_role_policy(
        PolicyArn=f'arn:aws:iam::111111111111:policy/{client_name}Policy',
        RoleName=f'{client_name}'
    )

    # Delete policy
    role_policy.delete()

    # Delete role
    role.delete()
I imagine it has something to do with the way I've named the role policy, or not named it. I have confirmed that the Role potatoman9000 does exist in IAM, as well as the Policy potatoman9000Policy. Any help is greatly appreciated.
RolePolicy is for inline policies, not managed policies.

When you call delete, it errors out because you are using managed policies. From the docs about delete:

Deletes the specified inline policy that is embedded in the specified IAM role.

To delete a managed policy you should be using delete_policy:

Deletes the specified managed policy.
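A teardown that uses the right call for each kind of policy, as an added example (not the answerer's or the asker's code). It keeps the question's naming (the role is called client_name, the managed policy client_name + "Policy") but takes the account ID as a parameter instead of hardcoding it. The FakeIam class is a constructed in-memory stand-in for the boto3 IAM client, covering only the calls the function makes, so the example runs offline; pass a real boto3.client("iam") instead to run it against an account.

```python
"""Tear down the question's role and managed policy with the correct boto3 calls.

Added example, not the original poster's code. FakeIam below is a constructed
stand-in for the IAM client so the teardown can run offline.
"""
try:
    from botocore.exceptions import ClientError
except ImportError:  # fallback so the offline demo runs without botocore installed
    class ClientError(Exception):
        def __init__(self, error_response, operation_name):
            super().__init__(f"{operation_name}: {error_response}")
            self.response = error_response


def iam_delete(client_name, account_id, iam_client=None):
    """Detach + delete managed policies, delete inline policies, then delete the role.

    Managed policies live outside the role: detach_role_policy, then delete_policy by
    ARN. Inline policies live inside the role: delete_role_policy by name (that is the
    call behind iam.RolePolicy(...).delete()). delete_role refuses while either kind
    remains, so the order matters.
    """
    if iam_client is None:
        import boto3  # only needed when talking to real AWS
        iam_client = boto3.client("iam")
    iam, role_name = iam_client, client_name
    own_arn = f"arn:aws:iam::{account_id}:policy/{client_name}Policy"
    removed = {"managed": [], "inline": []}

    try:
        attached = iam.list_attached_role_policies(RoleName=role_name)["AttachedPolicies"]
    except ClientError as err:
        if err.response.get("Error", {}).get("Code") == "NoSuchEntity":
            return removed  # role already gone: nothing left to tear down
        raise

    for pol in attached:
        iam.detach_role_policy(RoleName=role_name, PolicyArn=pol["PolicyArn"])
        removed["managed"].append(pol["PolicyArn"])
        # Only delete the policy this script created; AWS managed or shared customer
        # policies may still be attached to other principals.
        if pol["PolicyArn"] == own_arn:
            # delete_policy fails while non-default versions exist, so drop them first.
            for v in iam.list_policy_versions(PolicyArn=own_arn)["Versions"]:
                if not v["IsDefaultVersion"]:
                    iam.delete_policy_version(PolicyArn=own_arn, VersionId=v["VersionId"])
            iam.delete_policy(PolicyArn=own_arn)

    for name in iam.list_role_policies(RoleName=role_name)["PolicyNames"]:
        iam.delete_role_policy(RoleName=role_name, PolicyName=name)
        removed["inline"].append(name)

    iam.delete_role(RoleName=role_name)
    return removed


class FakeIam:
    """Constructed in-memory IAM stand-in covering only the calls above (not boto3)."""

    def __init__(self, roles, policies):
        self.roles = roles        # {role: {"attached": [arn, ...], "inline": [name, ...]}}
        self.policies = policies  # {arn: [{"VersionId": str, "IsDefaultVersion": bool}, ...]}

    def _fail(self, code, op):
        raise ClientError({"Error": {"Code": code, "Message": op}}, op)

    def _role(self, name):
        return self.roles[name] if name in self.roles else self._fail("NoSuchEntity", "GetRole")

    def list_attached_role_policies(self, RoleName):
        return {"AttachedPolicies": [{"PolicyArn": a} for a in self._role(RoleName)["attached"]]}

    def detach_role_policy(self, RoleName, PolicyArn):
        self._role(RoleName)["attached"].remove(PolicyArn)

    def list_policy_versions(self, PolicyArn):
        return {"Versions": list(self.policies[PolicyArn])}

    def delete_policy_version(self, PolicyArn, VersionId):
        self.policies[PolicyArn] = [v for v in self.policies[PolicyArn] if v["VersionId"] != VersionId]

    def delete_policy(self, PolicyArn):
        if PolicyArn not in self.policies:
            self._fail("NoSuchEntity", "DeletePolicy")
        if any(not v["IsDefaultVersion"] for v in self.policies[PolicyArn]):
            self._fail("DeleteConflict", "DeletePolicy")
        del self.policies[PolicyArn]

    def list_role_policies(self, RoleName):
        return {"PolicyNames": list(self._role(RoleName)["inline"])}

    def delete_role_policy(self, RoleName, PolicyName):
        self._role(RoleName)["inline"].remove(PolicyName)

    def delete_role(self, RoleName):
        if self._role(RoleName)["attached"] or self.roles[RoleName]["inline"]:
            self._fail("DeleteConflict", "DeleteRole")
        del self.roles[RoleName]


def demo(client_name="potatoman9000", account_id="111111111111"):
    """Rebuild the question's state offline, tear it down, return (removed, fake)."""
    arn = f"arn:aws:iam::{account_id}:policy/{client_name}Policy"
    fake = FakeIam(
        roles={client_name: {"attached": [arn], "inline": []}},
        policies={arn: [{"VersionId": "v2", "IsDefaultVersion": True},
                        {"VersionId": "v1", "IsDefaultVersion": False}]},
    )
    return iam_delete(client_name, account_id, iam_client=fake), fake
```

Two practical notes: create_policy returns the new policy's ARN in its response (Policy["Arn"]), so a creation script can hand that ARN to the teardown instead of rebuilding it from a hardcoded account ID; and listing both attached and inline policies before delete_role is what makes the teardown safe to rerun, since a role left behind with permissions still attached is the kind of dangling principal that is easy to forget about.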