Delete IAM role using AWS Command line

In that blog I will delete a role and delete policies connected with the role. In that example we will delete a role name lambda_start_stop_ec2.

C:\Users\nazmul>aws iam list-roles

{

"Roles": [

{

"AssumeRolePolicyDocument": {

"Version": "2012-10-17",

"Statement": [

{

"Action": "sts:AssumeRole",

"Principal": {

"Service": "dms.amazonaws.com"

},

"Effect": "Allow",

"Sid": ""

}

]

},

"RoleId": "AROAJISUXZJS5Q7IGWORO",

"CreateDate": "2017-04-25T20:35:02Z",

"RoleName": "dms-vpc-role",

"Path": "/",

"Arn": "arn:aws:iam::595762693610:role/dms-vpc-role"

},

{

"AssumeRolePolicyDocument": {

"Version": "2012-10-17",

"Statement": [

{

"Action": "sts:AssumeRole",

"Effect": "Allow",

"Principal": {

"Service": "lambda.amazonaws.com"

}

}

]

},

"RoleId": "AROAJHZ72I3XE4CDLI6AO",

"CreateDate": "2017-05-28T22:34:38Z",

"RoleName": "lambda_start_stop_ec2",

"Path": "/",

"Arn": "arn:aws:iam::595762693610:role/lambda_start_stop_ec2"

}

]

}

C:\Users\nazmul> aws iam delete-role --role-name lambda_start_stop_ec2

An error occurred (DeleteConflict) when calling the DeleteRole operation: Cannot

delete entity, must delete policies first.

We will need to delete the policies first that is connected with the role.

C:\Users\nazmul> aws iam list-role-policies --role-name lambda_start_stop_ec2

{

"PolicyNames": [

"oneClick_lambda_basic_execution_1496012139461",

"oneClick_lambda_basic_execution_1496012245310"

]

}

C:\Users\nazmul>aws iam delete-role-policy --role-name lambda_start_stop_ec2 -

-policy-name oneClick_lambda_basic_execution_1496012139461

C:\Users\nazmul>aws iam list-role-policies --role-name lambda_start_stop_ec2

{

"PolicyNames": [

"oneClick_lambda_basic_execution_1496012245310"

]

}

C:\Users\nazmul>aws iam delete-role-policy --role-name lambda_start_stop_ec2 -

-policy-name oneClick_lambda_basic_execution_1496012245310

C:\Users\nazmul> aws iam delete-role --role-name lambda_start_stop_ec2

C:\Users\nazmul>aws iam list-roles

{

"Roles": [

{

"AssumeRolePolicyDocument": {

"Version": "2012-10-17",

"Statement": [

{

"Action": "sts:AssumeRole",

"Principal": {

"Service": "dms.amazonaws.com"

},

"Effect": "Allow",

"Sid": ""

}

]

},

"RoleId": "AROAJISUXZJS5Q7IGWORO",

"CreateDate": "2017-04-25T20:35:02Z",

"RoleName": "dms-vpc-role",

"Path": "/",

"Arn": "arn:aws:iam::595762693610:role/dms-vpc-role"

}

]

}