Unable to delete AWS Role Policy - NoSuchEntity with Boto3
I am unable to delete a role policy from my AWS account with Boto3. I get the error:
botocore.errorfactory.NoSuchEntityException: An error occurred (NoSuchEntity) when calling the DeleteRolePolicy operation: The role policy with name potatoman9000Policy cannot be found.
The policy and role are created and deleted in the same script. The policy is detached before this particular bit of code runs. I'm not sure why the policy name can't be found.
Here is the creation:
import json
import boto3

# Create IAM policy and Role
def iam_creation(client_name):
    iam_client = boto3.client('iam')
    # Policy template
    client_onboarding_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowListingOfUserFolder",
                "Action": [
                    "s3:ListBucket",
                    "s3:GetBucketLocation"
                ],
                "Effect": "Allow",
                "Resource": [
                    f"arn:aws:s3:::{client_name}"
                ]
            },
            {
                "Sid": "HomeDirObjectAccess",
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:DeleteObjectVersion",
                    "s3:DeleteObject",
                    "s3:GetObjectVersion"
                ],
                "Resource": f"arn:aws:s3:::{client_name}/*"
            }
        ]
    }
    # Role template (trust policy)
    role_onboarding_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Service": [
                        "transfer.amazonaws.com",
                        "s3.amazonaws.com"
                    ]
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }
    # Create policy from template
    iam_client.create_policy(
        PolicyName=f'{client_name}Policy',
        PolicyDocument=json.dumps(client_onboarding_policy)
    )
    # Create Role from template and create trust relationships
    iam_client.create_role(
        RoleName=f'{client_name}',
        AssumeRolePolicyDocument=json.dumps(role_onboarding_policy)
    )
    # Attach created policy to created role
    iam_client.attach_role_policy(
        PolicyArn=f'arn:aws:iam::111111111111:policy/{client_name}Policy',
        RoleName=f'{client_name}'
    )
The creation runs fine. Here is the deletion:
import boto3

# Delete IAM policy and role
def iam_delete(client_name):
    iam_client = boto3.client('iam')
    iam_resource = boto3.resource('iam')
    # RolePolicy resource addressed by role name and policy name
    role_policy = iam_resource.RolePolicy(f'{client_name}', f'{client_name}Policy')
    role = iam_resource.Role(f'{client_name}')
    # Detach policy from role
    iam_client.detach_role_policy(
        PolicyArn=f'arn:aws:iam::111111111111:policy/{client_name}Policy',
        RoleName=f'{client_name}'
    )
    # Delete policy
    role_policy.delete()
    # Delete role
    role.delete()
I think it has something to do with how I'm naming, or not naming, the role policy. I have confirmed that the role potatoman9000 and the policy potatoman9000Policy do exist in IAM. Any help is greatly appreciated.
RolePolicy is for inline policies, not managed policies. When you call delete, it errors because you are using a managed policy. From the documentation on delete:
"Deletes the specified inline policy that is embedded in the specified IAM role."
To delete a managed policy, you should use delete_policy:
"Deletes the specified managed policy."
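The following is an added example, not code from the asker or the answerer, showing the teardown the answer describes: detach the managed policy, remove any inline policies with DeleteRolePolicy (the only thing that call handles), delete the managed policy's non-default versions and then the policy itself with DeletePolicy, and only then delete the role. The IAM client is passed in as a parameter so the logic can be exercised offline against FakeIam, a constructed in-memory stand-in whose method names and keyword arguments mirror the boto3 calls used; ACCOUNT_ID and the NoSuchEntity class are likewise constructed for the example. With real boto3 you would pass boto3.client('iam') and the account ID returned by sts.get_caller_identity() instead of hard-coding it.

```python
ACCOUNT_ID = "123456789012"  # constructed fake account id; real code should read it from sts.get_caller_identity()["Account"]


class NoSuchEntity(Exception):
    """Stand-in for botocore's NoSuchEntityException, constructed for the offline fake."""


class FakeIam:
    """In-memory stand-in for the boto3 IAM client (constructed for this example); the
    method names and keyword arguments mirror the real client calls used in iam_delete."""
    def __init__(self):
        self.roles = {}     # role name -> {"attached": set of policy ARNs, "inline": {name: document}}
        self.policies = {}  # managed policy ARN -> list of version dicts
    def create_policy(self, PolicyName, PolicyDocument):
        arn = f"arn:aws:iam::{ACCOUNT_ID}:policy/{PolicyName}"
        self.policies[arn] = [{"VersionId": "v1", "IsDefaultVersion": True}]
        return {"Policy": {"Arn": arn}}
    def create_policy_version(self, PolicyArn, PolicyDocument):
        versions = self.policies[PolicyArn]
        versions.append({"VersionId": f"v{len(versions) + 1}", "IsDefaultVersion": False})
    def create_role(self, RoleName, AssumeRolePolicyDocument):
        self.roles[RoleName] = {"attached": set(), "inline": {}}
    def attach_role_policy(self, RoleName, PolicyArn):
        self.roles[RoleName]["attached"].add(PolicyArn)
    def put_role_policy(self, RoleName, PolicyName, PolicyDocument):
        self.roles[RoleName]["inline"][PolicyName] = PolicyDocument
    def list_attached_role_policies(self, RoleName):
        return {"AttachedPolicies": [{"PolicyArn": a} for a in sorted(self.roles[RoleName]["attached"])]}
    def detach_role_policy(self, RoleName, PolicyArn):
        self.roles[RoleName]["attached"].discard(PolicyArn)
    def list_role_policies(self, RoleName):
        return {"PolicyNames": list(self.roles[RoleName]["inline"])}
    def delete_role_policy(self, RoleName, PolicyName):
        # DeleteRolePolicy only knows inline policies, so a managed policy's name fails as in the question.
        if PolicyName not in self.roles[RoleName]["inline"]:
            raise NoSuchEntity(f"The role policy with name {PolicyName} cannot be found.")
        del self.roles[RoleName]["inline"][PolicyName]
    def list_policy_versions(self, PolicyArn):
        return {"Versions": list(self.policies[PolicyArn])}
    def delete_policy_version(self, PolicyArn, VersionId):
        self.policies[PolicyArn] = [v for v in self.policies[PolicyArn] if v["VersionId"] != VersionId]
    def delete_policy(self, PolicyArn):
        if PolicyArn not in self.policies:
            raise NoSuchEntity(f"Policy {PolicyArn} does not exist or is not attachable.")
        del self.policies[PolicyArn]
    def delete_role(self, RoleName):
        del self.roles[RoleName]


def iam_delete(iam_client, account_id, client_name):
    """Delete the role and its customer managed policy in the order IAM requires.
    Returns the sequence of API calls made so the order can be checked offline."""
    role_name = client_name
    policy_arn = f"arn:aws:iam::{account_id}:policy/{client_name}Policy"
    calls = []
    # 1. Detach every managed policy still attached; DeleteRole refuses while any remain.
    for p in iam_client.list_attached_role_policies(RoleName=role_name)["AttachedPolicies"]:
        iam_client.detach_role_policy(RoleName=role_name, PolicyArn=p["PolicyArn"])
        calls.append(("detach_role_policy", p["PolicyArn"]))
    # 2. Inline policies are what DeleteRolePolicy removes (this is what RolePolicy.delete() wraps).
    for name in iam_client.list_role_policies(RoleName=role_name)["PolicyNames"]:
        iam_client.delete_role_policy(RoleName=role_name, PolicyName=name)
        calls.append(("delete_role_policy", name))
    # 3. A managed policy goes through DeletePolicy, once its non-default versions are gone.
    for v in iam_client.list_policy_versions(PolicyArn=policy_arn)["Versions"]:
        if not v["IsDefaultVersion"]:
            iam_client.delete_policy_version(PolicyArn=policy_arn, VersionId=v["VersionId"])
            calls.append(("delete_policy_version", v["VersionId"]))
    iam_client.delete_policy(PolicyArn=policy_arn)
    calls.append(("delete_policy", policy_arn))
    # 4. Nothing references the role any more, so it can be removed.
    iam_client.delete_role(RoleName=role_name)
    calls.append(("delete_role", role_name))
    return calls


def build_fixture(client_name):
    """Recreate the asker's setup on the fake client: managed policy, role, attachment."""
    iam = FakeIam()
    arn = iam.create_policy(PolicyName=f"{client_name}Policy", PolicyDocument="{}")["Policy"]["Arn"]
    iam.create_role(RoleName=client_name, AssumeRolePolicyDocument="{}")
    iam.attach_role_policy(RoleName=client_name, PolicyArn=arn)
    return iam, arn


def asker_mistake(client_name="potatoman9000"):
    """What RolePolicy(...).delete() does underneath: DeleteRolePolicy with a managed policy's name."""
    iam, _ = build_fixture(client_name)
    try:
        iam.delete_role_policy(RoleName=client_name, PolicyName=f"{client_name}Policy")
    except NoSuchEntity as exc:
        return str(exc)
    return None


def demo(client_name="potatoman9000"):
    """Add a stale policy version and an inline policy, then run the correct teardown."""
    iam, arn = build_fixture(client_name)
    iam.create_policy_version(PolicyArn=arn, PolicyDocument="{}")
    iam.put_role_policy(RoleName=client_name, PolicyName="Extra", PolicyDocument="{}")
    return iam, iam_delete(iam, ACCOUNT_ID, client_name)


if __name__ == "__main__":
    print(asker_mistake())
    for call in demo()[1]:
        print(*call)
```

Against a real account, the list calls are paginated, so roles with many policies should be walked with the client's paginators, and DeleteRole also fails while the role is still in an instance profile; both are left out of the fake above to keep the example focused on the inline versus managed distinction the answer makes.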