我无法从Boto3的AWS账户中删除角色策略。我收到错误消息:
botocore.errorfactory.NoSuchEntityException:调用DeleteRolePolicy操作时发生错误(NoSuchEntity):找不到名称为potatoman9000Policy的角色策略。
在同一脚本中创建和删除策略和角色。在此特定的代码位出现之前,将分离策略。我不确定为什么它会找到策略名称。
这是创作物:
# Create IAM policy and Role
def iam_creation(client_name):
iam_client = boto3.client('iam')
# Policy template
client_onboarding_policy = {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowListingOfUserFolder",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": [
f"arn:aws:s3:::{client_name}"
]
},
{
"Sid": "HomeDirObjectAccess",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObjectVersion",
"s3:DeleteObject",
"s3:GetObjectVersion"
],
"Resource": f"arn:aws:s3:::{client_name}/*"
}
]
}
# Role template
role_onboarding_policy = {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"transfer.amazonaws.com",
"s3.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
# Create policy from template
iam_client.create_policy(
PolicyName=f'{client_name}Policy',
PolicyDocument=json.dumps(client_onboarding_policy)
)
# Create Role from template and create trust relationships
iam_client.create_role(
RoleName=f'{client_name}',
AssumeRolePolicyDocument=json.dumps(role_onboarding_policy)
)
# Attach created policy to created role
iam_client.attach_role_policy(
PolicyArn=f'arn:aws:iam::111111111111:policy/{client_name}Policy',
RoleName=f'{client_name}'
)
创建顺利进行,没有任何问题。这是删除
# Delete IAM policy and role
def iam_delete(client_name):
iam_client = boto3.client('iam')
iam_resource = boto3.resource('iam')
role_policy = iam_resource.RolePolicy(f'{client_name}', f'{client_name}Policy')
role = iam_resource.Role(f'{client_name}')
# Detach policy from role
iam_client.detach_role_policy(
PolicyArn=f'arn:aws:iam::111111111111:policy/{client_name}Policy',
RoleName=f'{client_name}'
)
# Delete policy
role_policy.delete()
# Delete role
role.delete()
我想这与我命名角色策略或未命名角色策略有关。我已经确认IAM中确实存在角色potatoman9000以及策略potatoman9000Policy。任何帮助将不胜感激
答案 0 :(得分:1)
RolePolicy
适用于内联策略,而非托管策略。
调用delete
时,它会出错,因为您正在使用托管策略。
来自有关delete的文档:
删除嵌入在指定IAM角色中的指定内联策略。
要删除托管策略,您应该使用delete_policy。
删除指定的托管策略。