One of the things I have come across many times over the years is attempting to delete an AWS CloudFormation Stack and getting an error like this:

    Role arn:aws:iam::123456789012:role/CloudFormationTrustRole-2CDE9F7RUUTH is invalid or cannot be assumed

In this case, an IAM Role used by the stack either got deleted manually or by another stack when it was deleted.

A few years back, someone asked about this problem on Stack Overflow: "Unable to delete cfn stack, role is invalid or cannot be assumed". I responded to the query indicating that the user should create an IAM Role of the same name listed in the error, then remove the CloudFormation stack and, finally, remove the role. The problem with this is that there are numerous manual steps, and there is a pretty good chance you're going to forget to remove the role after you created it. This leads to a mess of IAM resources that exist – but are never removed – in AWS accounts. This also reduces your overall security posture.

Another respondent suggested deleting the stack using a role that has the permissions to delete that stack, as shown below.

    aws cloudformation delete-stack --role-arn arn:aws:iam::xxxx:role/anyrolewithpermissions --stack-name StuckStack

This works too, but it also requires you to create a new role, or at least know of a role that has permissions to remove the CloudFormation stack and its associated resources, which usually leads you back to my suggestion.
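The create-role, delete-stack, remove-role sequence described above can be scripted so that the temporary role is removed even when the stack deletion fails. This is an added example, not code from the original post; it assumes a configured AWS CLI, and the function names, the `DRY_RUN` switch and the policy ARN argument are names introduced here.

```bash
# Added example, not the author's code. Assumes a configured AWS CLI and that
# policy_arn (chosen by you) can delete the stack's resources; role has no IAM path.

# Pull the role name out of the CloudFormation error text.
role_name_from_error() {
  arn=$(printf '%s\n' "$1" |
    grep -oE 'arn:aws[a-z-]*:iam::[0-9]{12}:role/[A-Za-z0-9+=,.@_/-]+' | head -n 1)
  [ -n "$arn" ] || return 1
  printf '%s\n' "${arn##*/}"
}

# Trust policy: only the CloudFormation service may assume the temporary role.
trust_policy() {
  printf '%s' '{"Version":"2012-10-17","Statement":[{"Effect":"Allow",' \
    '"Principal":{"Service":"cloudformation.amazonaws.com"},' \
    '"Action":"sts:AssumeRole"}]}'
}

# Execute a command, or just print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Detach the policy and delete the temporary role.
cleanup_role() {
  run aws iam detach-role-policy --role-name "$1" --policy-arn "$2"
  run aws iam delete-role --role-name "$1"
}

# usage: delete_stuck_stack STACK_NAME "ERROR TEXT" POLICY_ARN
# Runs in a subshell so the EXIT trap removes the role on success or failure.
delete_stuck_stack() (
  stack=$1 policy_arn=$3
  role=$(role_name_from_error "$2") || { echo "no role ARN in error" >&2; exit 1; }
  # Create first: if the role already exists this fails and nothing is removed.
  run aws iam create-role --role-name "$role" \
    --assume-role-policy-document "$(trust_policy)" || exit 1
  trap 'cleanup_role "$role" "$policy_arn"' EXIT
  run aws iam attach-role-policy --role-name "$role" --policy-arn "$policy_arn" || exit 1
  run sleep 10  # crude allowance for IAM propagation
  run aws cloudformation delete-stack --stack-name "$stack" || exit 1
  run aws cloudformation wait stack-delete-complete --stack-name "$stack"
)
```

Call it with `DRY_RUN=1` first to review the exact commands before anything is changed in the account.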