Delete an IAM role using the AWS command line
In this post I will delete a role and the policies connected with it. In this example we will delete a role named lambda_start_stop_ec2.
C:\Users\nazmul>aws iam list-roles
{
    "Roles": [
        {
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Action": "sts:AssumeRole",
                        "Principal": {
                            "Service": "dms.amazonaws.com"
                        },
                        "Effect": "Allow",
                        "Sid": ""
                    }
                ]
            },
            "RoleId": "AROAJISUXZJS5Q7IGWORO",
            "CreateDate": "2017-04-25T20:35:02Z",
            "RoleName": "dms-vpc-role",
            "Path": "/",
            "Arn": "arn:aws:iam::595762693610:role/dms-vpc-role"
        },
        {
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Action": "sts:AssumeRole",
                        "Effect": "Allow",
                        "Principal": {
                            "Service": "lambda.amazonaws.com"
                        }
                    }
                ]
            },
            "RoleId": "AROAJHZ72I3XE4CDLI6AO",
            "CreateDate": "2017-05-28T22:34:38Z",
            "RoleName": "lambda_start_stop_ec2",
            "Path": "/",
            "Arn": "arn:aws:iam::595762693610:role/lambda_start_stop_ec2"
        }
    ]
}
C:\Users\nazmul> aws iam delete-role --role-name lambda_start_stop_ec2
An error occurred (DeleteConflict) when calling the DeleteRole operation: Cannot delete entity, must delete policies first.
The role still has policies connected with it, so we need to delete those policies first.
C:\Users\nazmul> aws iam list-role-policies --role-name lambda_start_stop_ec2
{
    "PolicyNames": [
        "oneClick_lambda_basic_execution_1496012139461",
        "oneClick_lambda_basic_execution_1496012245310"
    ]
}
C:\Users\nazmul>aws iam delete-role-policy --role-name lambda_start_stop_ec2 --policy-name oneClick_lambda_basic_execution_1496012139461
C:\Users\nazmul>aws iam list-role-policies --role-name lambda_start_stop_ec2
{
    "PolicyNames": [
        "oneClick_lambda_basic_execution_1496012245310"
    ]
}
C:\Users\nazmul>aws iam delete-role-policy --role-name lambda_start_stop_ec2 --policy-name oneClick_lambda_basic_execution_1496012245310
C:\Users\nazmul> aws iam delete-role --role-name lambda_start_stop_ec2
C:\Users\nazmul>aws iam list-roles
{
    "Roles": [
        {
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Action": "sts:AssumeRole",
                        "Principal": {
                            "Service": "dms.amazonaws.com"
                        },
                        "Effect": "Allow",
                        "Sid": ""
                    }
                ]
            },
            "RoleId": "AROAJISUXZJS5Q7IGWORO",
            "CreateDate": "2017-04-25T20:35:02Z",
            "RoleName": "dms-vpc-role",
            "Path": "/",
            "Arn": "arn:aws:iam::595762693610:role/dms-vpc-role"
        }
    ]
}
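The same cleanup as a script. This is an added example, not part of the original post, and it goes beyond the inline-policy case shown above: attached managed policies and instance profiles also have to be removed before delete-role succeeds. It assumes a POSIX shell (AWS CloudShell, WSL or Git Bash) rather than the cmd.exe prompt used above; the function name delete_role_completely and the DRY_RUN variable are hypothetical names chosen for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): clear every dependency that
# makes `aws iam delete-role` fail with DeleteConflict, then delete the role.
# DRY_RUN=1 prints the mutating commands for review instead of running them.

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "would run: aws $*"
  else
    aws "$@"
  fi
}

delete_role_completely() {
  role="$1"
  [ -n "$role" ] || { echo "usage: delete_role_completely ROLE_NAME" >&2; return 2; }

  # 1. Inline policies: the case walked through in the post.
  inline=$(aws iam list-role-policies --role-name "$role" \
    --query 'PolicyNames[]' --output text) || return 1
  for name in $inline; do
    run iam delete-role-policy --role-name "$role" --policy-name "$name" || return 1
  done

  # 2. Managed policies are detached, not deleted; other principals may use them.
  attached=$(aws iam list-attached-role-policies --role-name "$role" \
    --query 'AttachedPolicies[].PolicyArn' --output text) || return 1
  for arn in $attached; do
    run iam detach-role-policy --role-name "$role" --policy-arn "$arn" || return 1
  done

  # 3. Instance profiles that still contain the role.
  profiles=$(aws iam list-instance-profiles-for-role --role-name "$role" \
    --query 'InstanceProfiles[].InstanceProfileName' --output text) || return 1
  for prof in $profiles; do
    run iam remove-role-from-instance-profile --role-name "$role" \
      --instance-profile-name "$prof" || return 1
  done

  # 4. All attachments are gone, so delete-role no longer hits DeleteConflict.
  run iam delete-role --role-name "$role"
}

# Run only when a role name is passed, e.g. DRY_RUN=1 ./delete-role.sh lambda_start_stop_ec2
if [ "$#" -gt 0 ]; then
  delete_role_completely "$1"
fi
```

Running it once with DRY_RUN=1 shows exactly which policies and instance profiles would be touched before anything is changed.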