Python 3.x - Unable to delete an AWS role policy: NoSuchEntity from Boto3
Tags: python-3.x, amazon-web-services, boto3, amazon-iam

I am unable to delete a role policy from my AWS account using Boto3. I get the error:

    botocore.errorfactory.NoSuchEntityException: An error occurred (NoSuchEntity) when calling the DeleteRolePolicy operation: The role policy with name potatoman9000Policy cannot be found.

The policy and the role are created and deleted in the same script. The policy is detached before that particular bit of code runs. I'm not sure why it isn't finding the policy name. Here is the creation:
    import json
    import boto3

    # Create IAM policy and Role
    def iam_creation(client_name):
        iam_client = boto3.client('iam')
        # Policy template: scoped to the client's own bucket and the objects in it
        client_onboarding_policy = {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Sid": "AllowListingOfUserFolder",
                    "Action": [
                        "s3:ListBucket",
                        "s3:GetBucketLocation"
                    ],
                    "Effect": "Allow",
                    "Resource": [
                        f"arn:aws:s3:::{client_name}"
                    ]
                },
                {
                    "Sid": "HomeDirObjectAccess",
                    "Effect": "Allow",
                    "Action": [
                        "s3:PutObject",
                        "s3:GetObject",
                        "s3:DeleteObjectVersion",
                        "s3:DeleteObject",
                        "s3:GetObjectVersion"
                    ],
                    "Resource": f"arn:aws:s3:::{client_name}/*"
                }
            ]
        }
        # Role template (trust policy): which services are allowed to assume the role
        role_onboarding_policy = {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Service": [
                            "transfer.amazonaws.com",
                            "s3.amazonaws.com"
                        ]
                    },
                    "Action": "sts:AssumeRole"
                }
            ]
        }
        # Create policy from template (a customer-managed policy)
        iam_client.create_policy(
            PolicyName=f'{client_name}Policy',
            PolicyDocument=json.dumps(client_onboarding_policy)
        )
        # Create Role from template and create trust relationships
        iam_client.create_role(
            RoleName=f'{client_name}',
            AssumeRolePolicyDocument=json.dumps(role_onboarding_policy)
        )
        # Attach created policy to created role
        # (111111111111 is the account id; create_policy() also returns the ARN)
        iam_client.attach_role_policy(
            PolicyArn=f'arn:aws:iam::111111111111:policy/{client_name}Policy',
            RoleName=f'{client_name}'
        )
The creation works without any problems. Here is the deletion:
    import boto3

    # Delete IAM policy and role
    def iam_delete(client_name):
        iam_client = boto3.client('iam')
        iam_resource = boto3.resource('iam')
        role_policy = iam_resource.RolePolicy(f'{client_name}', f'{client_name}Policy')
        role = iam_resource.Role(f'{client_name}')
        # Detach policy from role
        iam_client.detach_role_policy(
            PolicyArn=f'arn:aws:iam::111111111111:policy/{client_name}Policy',
            RoleName=f'{client_name}'
        )
        # Delete policy
        role_policy.delete()
        # Delete role
        role.delete()
I think it has to do with the way I am naming the role policy, or with the fact that I am not naming it. I have confirmed that the role potatoman9000 and the policy potatoman9000Policy do exist in IAM. Any help would be greatly appreciated.
RolePolicy is for inline policies, not managed policies. Calling delete on it errors because you are using a managed policy.

From the documentation on RolePolicy.delete():

    Deletes the specified inline policy that is embedded in the specified IAM role.

To delete a managed policy you should use delete_policy:

    Deletes the specified managed policy.
That worked! I swear I have done delete_policy before, but I must have gotten it mixed up. Thanks for the help.

@Thatsnotamuffin Glad it worked. Accepting the answer would be appreciated.