Delete IAM role using AWS Command line

In this post I will delete an IAM role and the policies connected with it. In this example we will delete a role named lambda_start_stop_ec2.

C:\Users\nazmul>aws iam list-roles
{
    "Roles": [
        {
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Action": "sts:AssumeRole",
                        "Principal": {
                            "Service": "dms.amazonaws.com"
                        },
                        "Effect": "Allow",
                        "Sid": ""
                    }
                ]
            },
            "RoleId": "AROAJISUXZJS5Q7IGWORO",
            "CreateDate": "2017-04-25T20:35:02Z",
            "RoleName": "dms-vpc-role",
            "Path": "/",
            "Arn": "arn:aws:iam::595762693610:role/dms-vpc-role"
        },
        {
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Action": "sts:AssumeRole",
                        "Effect": "Allow",
                        "Principal": {
                            "Service": "lambda.amazonaws.com"
                        }
                    }
                ]
            },
            "RoleId": "AROAJHZ72I3XE4CDLI6AO",
            "CreateDate": "2017-05-28T22:34:38Z",
            "RoleName": "lambda_start_stop_ec2",
            "Path": "/",
            "Arn": "arn:aws:iam::595762693610:role/lambda_start_stop_ec2"
        }
    ]
}

C:\Users\nazmul> aws iam delete-role --role-name lambda_start_stop_ec2

An error occurred (DeleteConflict) when calling the DeleteRole operation: Cannot delete entity, must delete policies first.

We first need to delete the policies that are connected with the role.


C:\Users\nazmul> aws iam list-role-policies --role-name lambda_start_stop_ec2
{
    "PolicyNames": [
        "oneClick_lambda_basic_execution_1496012139461",
        "oneClick_lambda_basic_execution_1496012245310"
    ]
}


C:\Users\nazmul>aws iam delete-role-policy --role-name lambda_start_stop_ec2 --policy-name oneClick_lambda_basic_execution_1496012139461


C:\Users\nazmul>aws iam list-role-policies --role-name lambda_start_stop_ec2
{
    "PolicyNames": [
        "oneClick_lambda_basic_execution_1496012245310"
    ]
}

C:\Users\nazmul>aws iam delete-role-policy --role-name lambda_start_stop_ec2 --policy-name oneClick_lambda_basic_execution_1496012245310


C:\Users\nazmul> aws iam delete-role --role-name lambda_start_stop_ec2

C:\Users\nazmul>aws iam list-roles
{
    "Roles": [
        {
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Action": "sts:AssumeRole",
                        "Principal": {
                            "Service": "dms.amazonaws.com"
                        },
                        "Effect": "Allow",
                        "Sid": ""
                    }
                ]
            },
            "RoleId": "AROAJISUXZJS5Q7IGWORO",
            "CreateDate": "2017-04-25T20:35:02Z",
            "RoleName": "dms-vpc-role",
            "Path": "/",
            "Arn": "arn:aws:iam::595762693610:role/dms-vpc-role"
        }
    ]
}
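
The steps above collected into one shell function, as an added example that is not from the original post. It goes beyond the post by also detaching managed policies and removing the role from instance profiles, which block DeleteRole in the same way. It assumes a POSIX shell (bash, Git Bash or WSL rather than the cmd prompt shown above); `delete_iam_role`, `run` and `DRY_RUN` are names made up here.

```bash
# Added example (not from the original post): remove everything that blocks
# DeleteRole, then delete the role. DRY_RUN is a name made up for this example.

# Run an aws command, or only print it when DRY_RUN=1 (review before deleting).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "would run: aws $*"
    else
        aws "$@"
    fi
}

delete_iam_role() {
    local role name arn profile
    role="$1"
    if [ -z "$role" ]; then
        echo "usage: delete_iam_role <role-name>" >&2
        return 2
    fi

    # Stop early if the role does not exist or credentials are missing.
    aws iam get-role --role-name "$role" >/dev/null || return 1

    # 1. Inline policies (the ones list-role-policies shows in the post).
    for name in $(aws iam list-role-policies --role-name "$role" \
            --query 'PolicyNames[]' --output text); do
        run iam delete-role-policy --role-name "$role" --policy-name "$name" || return 1
    done

    # 2. Managed policies are attached rather than embedded, so detach them.
    for arn in $(aws iam list-attached-role-policies --role-name "$role" \
            --query 'AttachedPolicies[].PolicyArn' --output text); do
        run iam detach-role-policy --role-name "$role" --policy-arn "$arn" || return 1
    done

    # 3. Instance profiles that still contain the role.
    for profile in $(aws iam list-instance-profiles-for-role --role-name "$role" \
            --query 'InstanceProfiles[].InstanceProfileName' --output text); do
        run iam remove-role-from-instance-profile --role-name "$role" \
            --instance-profile-name "$profile" || return 1
    done

    # 4. Nothing references the role any more, so DeleteRole can succeed.
    run iam delete-role --role-name "$role"
}
```

Call it as `DRY_RUN=1 delete_iam_role lambda_start_stop_ec2` first to see which policies and profiles would be removed, then without `DRY_RUN` to apply.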
