Python 3.x: Unable to delete AWS role policy - Boto3 NoSuchEntity

Tags: python-3.x, amazon-web-services, boto3, amazon-iam

I'm unable to delete a role policy from my AWS account using Boto3. I get the error:

botocore.errorfactory.NoSuchEntityException: An error occurred (NoSuchEntity) when calling the DeleteRolePolicy operation: The role policy with name potatoman9000Policy cannot be found.

The policies and roles are created and deleted in the same script. The policy is detached before that particular bit of code runs. I'm not sure why it isn't finding the policy name.

Here is the creation:

import json

import boto3


# Create IAM policy and Role
def iam_creation(client_name):
    iam_client = boto3.client('iam')

    # Policy template: the client may list its own bucket and read/write objects in it
    client_onboarding_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowListingOfUserFolder",
                "Action": [
                    "s3:ListBucket",
                    "s3:GetBucketLocation"
                ],
                "Effect": "Allow",
                "Resource": [
                    f"arn:aws:s3:::{client_name}"
                ]
            },
            {
                "Sid": "HomeDirObjectAccess",
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:DeleteObjectVersion",
                    "s3:DeleteObject",
                    "s3:GetObjectVersion"
                ],
                "Resource": f"arn:aws:s3:::{client_name}/*"
            }
        ]
    }

    # Role template: trust policy that lets the listed services assume the role
    role_onboarding_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Service": [
                        "transfer.amazonaws.com",
                        "s3.amazonaws.com"
                    ]
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }

    # Create policy from template (this is a customer managed policy, not an inline one)
    iam_client.create_policy(
        PolicyName=f'{client_name}Policy',
        PolicyDocument=json.dumps(client_onboarding_policy)
    )

    # Create Role from template and create trust relationships
    iam_client.create_role(
        RoleName=f'{client_name}',
        AssumeRolePolicyDocument=json.dumps(role_onboarding_policy)
    )

    # Attach created policy to created role (111111111111 is a placeholder account id)
    iam_client.attach_role_policy(
        PolicyArn=f'arn:aws:iam::111111111111:policy/{client_name}Policy',
        RoleName=f'{client_name}'
    )
The creation works without any issue. Here is the deletion:

import boto3


# Delete IAM policy and role
def iam_delete(client_name):
    iam_client = boto3.client('iam')
    iam_resource = boto3.resource('iam')
    # RolePolicy addresses a policy by role name and policy name
    role_policy = iam_resource.RolePolicy(f'{client_name}', f'{client_name}Policy')
    role = iam_resource.Role(f'{client_name}')

    # Detach policy from role
    iam_client.detach_role_policy(
        PolicyArn=f'arn:aws:iam::111111111111:policy/{client_name}Policy',
        RoleName=f'{client_name}'
    )

    # Delete policy (this is the call that raises NoSuchEntity)
    role_policy.delete()

    # Delete role
    role.delete()

I'm thinking it has something to do with how I'm naming the role policy, or that I'm not naming it. I've confirmed that the role potatoman9000 does exist in IAM, along with the policy potatoman9000Policy. Any help is greatly appreciated.

RolePolicy is for inline policies, not managed policies.

The call to delete fails because you're using a managed policy. From the documentation on RolePolicy.delete:

    Deletes the specified inline policy that is embedded in the specified IAM role.

To delete a managed policy, you should use Policy.delete:

    Deletes the specified managed policy.


That worked! I swear I've deleted policies before, but I must have mixed something up. Thanks for the help.

@Thatsnotamuffin Glad it worked. It would be appreciated if you could accept the answer.
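The answer above is the whole story: RolePolicy.delete() issues DeleteRolePolicy, which only looks at policies embedded in the role, so a managed policy's name is not found there. The script below is an added example, not code from the question or the answer. It uses only boto3 IAM client calls with their real keyword signatures (create_policy, create_role, attach_role_policy, put_role_policy, list_attached_role_policies, list_role_policies, detach_role_policy, delete_role_policy, delete_policy, delete_role); FakeIam, FakeClientError, error_code, onboard, reproduce_question and offboard are names introduced here, FakeIam is a constructed in-memory stand-in for boto3.client('iam') so the script runs without credentials, and 111111111111 is the question's placeholder account id. Pass boto3.client('iam') instead of FakeIam() and the same functions run against a real account.

```python
"""Added example (not the poster's code). DeleteRolePolicy only knows a role's *inline* policies, so a
*managed* policy's name is NoSuchEntity there. FakeIam is a constructed stand-in for boto3.client('iam')
with the same keyword signatures, so this runs offline."""
import json

class FakeClientError(Exception):  # same shape as botocore.exceptions.ClientError
    def __init__(self, code, message):
        super().__init__(f"An error occurred ({code}): {message}")
        self.response = {"Error": {"Code": code, "Message": message}}

class FakeIam:
    """Models the IAM rules that matter: DeleteRolePolicy sees inline policies only, DeletePolicy
    refuses while the policy is attached anywhere, DeleteRole refuses while anything remains."""
    def __init__(self):
        self.managed = {}  # policy ARN -> set of role names it is attached to
        self.roles = {}    # role name -> {"inline": {name: doc}, "attached": set of ARNs}
    def _role(self, name):
        if name not in self.roles:
            raise FakeClientError("NoSuchEntity", f"The role with name {name} cannot be found.")
        return self.roles[name]
    def create_policy(self, PolicyName, PolicyDocument):
        arn = f"arn:aws:iam::111111111111:policy/{PolicyName}"  # placeholder account id, as on the page
        self.managed[arn] = set()
        return {"Policy": {"PolicyName": PolicyName, "Arn": arn}}
    def create_role(self, RoleName, AssumeRolePolicyDocument):
        self.roles[RoleName] = {"inline": {}, "attached": set()}
    def put_role_policy(self, RoleName, PolicyName, PolicyDocument):
        self._role(RoleName)["inline"][PolicyName] = PolicyDocument
    def attach_role_policy(self, RoleName, PolicyArn):
        self._role(RoleName)["attached"].add(PolicyArn)
        self.managed[PolicyArn].add(RoleName)
    def detach_role_policy(self, RoleName, PolicyArn):
        self._role(RoleName)["attached"].discard(PolicyArn)
        self.managed[PolicyArn].discard(RoleName)
    def list_attached_role_policies(self, RoleName):
        arns = sorted(self._role(RoleName)["attached"])
        return {"AttachedPolicies": [{"PolicyArn": a, "PolicyName": a.rsplit("/", 1)[1]} for a in arns]}
    def list_role_policies(self, RoleName):
        return {"PolicyNames": sorted(self._role(RoleName)["inline"])}
    def delete_role_policy(self, RoleName, PolicyName):  # the call RolePolicy.delete() makes
        inline = self._role(RoleName)["inline"]
        if PolicyName not in inline:  # a managed policy's name is simply not in this table
            raise FakeClientError("NoSuchEntity", f"The role policy with name {PolicyName} cannot be found.")
        del inline[PolicyName]
    def delete_policy(self, PolicyArn):  # the call Policy.delete() makes
        if self.managed.get(PolicyArn):
            raise FakeClientError("DeleteConflict", "Cannot delete a policy attached to entities.")
        self.managed.pop(PolicyArn)
    def delete_role(self, RoleName):
        if self._role(RoleName)["attached"] or self.roles[RoleName]["inline"]:
            raise FakeClientError("DeleteConflict", "Cannot delete entity, must detach all policies first.")
        del self.roles[RoleName]

def error_code(exc):  # AWS error code of a botocore ClientError (or FakeClientError), else None
    return getattr(exc, "response", {}).get("Error", {}).get("Code")

def onboard(iam, client_name):
    """Managed policy + role as in the question (documents abbreviated) plus one inline policy for
    contrast. The ARN is taken from the CreatePolicy response instead of a hardcoded account id."""
    doc = json.dumps({"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "s3:ListBucket",
                                                               "Resource": f"arn:aws:s3:::{client_name}"}]})
    trust = json.dumps({"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                                                                 "Principal": {"Service": "transfer.amazonaws.com"}}]})
    arn = iam.create_policy(PolicyName=f"{client_name}Policy", PolicyDocument=doc)["Policy"]["Arn"]
    iam.create_role(RoleName=client_name, AssumeRolePolicyDocument=trust)
    iam.attach_role_policy(RoleName=client_name, PolicyArn=arn)
    iam.put_role_policy(RoleName=client_name, PolicyName=f"{client_name}Inline", PolicyDocument=doc)
    return arn

def reproduce_question(iam, client_name):  # the poster's failing step; returns the AWS error code
    try:
        iam.delete_role_policy(RoleName=client_name, PolicyName=f"{client_name}Policy")
    except Exception as exc:
        return error_code(exc)

def offboard(iam, role_name):
    """Correct teardown: detach + DeletePolicy for managed policies, DeleteRolePolicy for inline ones,
    then DeleteRole. Idempotent on a missing role. Returns (deleted ARNs, deleted inline names).
    Not handled here: IAM list calls paginate (IsTruncated/Marker) past 100 entries."""
    try:
        attached = iam.list_attached_role_policies(RoleName=role_name)["AttachedPolicies"]
        inline = iam.list_role_policies(RoleName=role_name)["PolicyNames"]
    except Exception as exc:
        if error_code(exc) == "NoSuchEntity":
            return [], []  # already gone
        raise
    deleted = []
    for p in attached:
        iam.detach_role_policy(RoleName=role_name, PolicyArn=p["PolicyArn"])
        if not p["PolicyArn"].startswith("arn:aws:iam::aws:policy/"):  # never delete AWS-managed ones
            iam.delete_policy(PolicyArn=p["PolicyArn"])  # needs it detached everywhere, extra versions gone
            deleted.append(p["PolicyArn"])
    for name in inline:
        iam.delete_role_policy(RoleName=role_name, PolicyName=name)
    iam.delete_role(RoleName=role_name)
    return deleted, inline

if __name__ == "__main__":  # swap FakeIam() for boto3.client("iam") to run against a real account
    demo = FakeIam()
    onboard(demo, "potatoman9000")
    print(reproduce_question(demo, "potatoman9000"), offboard(demo, "potatoman9000"))
```

offboard drives everything from the list calls rather than rebuilding ARNs from a hardcoded account id, so it also copes with a role that picked up extra attachments, and it skips AWS-managed policies (arn:aws:iam::aws:policy/...) which cannot be deleted anyway. The order matters on a real account: DeletePolicy refuses with DeleteConflict while the policy is still attached to any user, group or role (or still has non-default versions), and DeleteRole refuses while any managed policy is attached or any inline policy is embedded.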