Amazon web services 由于附加的策略，无法删除角色_Amazon Web Services

Amazon web services 由于附加的策略，无法删除角色

amazon-web-services

Amazon web services 由于附加的策略，无法删除角色,amazon-web-services,Amazon Web Services,Im动态创建具有附加策略的角色 var pr = new CreateRoleRequest { RoleName = roleName, AssumeRolePolicyDocument = asspoly.ToJson(), }; var resp = await _iamService.CreateRoleAsync(pr); if (resp == null || resp.HttpStatusCode != HttpStatusCode.OK) { throw new E

Im动态创建具有附加策略的角色

var pr = new CreateRoleRequest
{
  RoleName = roleName,
  AssumeRolePolicyDocument = asspoly.ToJson(),
};
var resp = await _iamService.CreateRoleAsync(pr);

if (resp == null || resp.HttpStatusCode != HttpStatusCode.OK)
{
  throw new Exception($"Could not create role: {resp.HttpStatusCode}");
}

var gresp = await _iamService.AttachRolePolicyAsync(new AttachRolePolicyRequest { RoleName = roleName, PolicyArn = GetPolicyARN(MakeRolePolicyName(agentID)) });
if (gresp == null || gresp.HttpStatusCode != HttpStatusCode.OK)
{
  throw new Exception($"Could not attach policy to role: {resp.HttpStatusCode}");
}

这似乎很好，但我还需要删除此角色。要删除角色，我需要先分离策略

var allpolys = await _iamService.ListRolePoliciesAsync(new ListRolePoliciesRequest { RoleName = roleName, MaxItems = 10 });
foreach (var poly in allpolys.PolicyNames)
{
  var polyArn = GetPolicyARN(poly);

  var dresp = await _iamService.DetachRolePolicyAsync(new DetachRolePolicyRequest { RoleName = roleName, PolicyArn = polyArn });
  if (dresp == null || dresp.HttpStatusCode != HttpStatusCode.OK)
  {
    throw new Exception($"Could not detach role policy: {poly}");
  }
}

问题是，ListrolePolicys返回一个空列表（来自c#和cli），但控制台显示策略确实已附加

这里缺少什么？

API返回内联策略。要查询附加的策略，请改用API

有人肯定会说，

列出内联角色策略

对于前者来说是一个比较容易混淆的名称

AWS文件和IAM术语注释：

起初，我并不清楚“依附”和“管理”本质上是同一回事。附加的策略为“AWS管理”或“客户管理”

既然你告诉我了，就有点明显了：）谢谢你！