无法使用Boto3删除AWS角色策略-NoSuchEntity

我无法使用Boto3从我的AWS帐户中删除角色策略。我得到一个错误：

botocore.errorfactory.NoSuchEntityException：调用DeleteRolePolicy操作时发生错误(NoSuchEntity(：找不到名为potatoman9000Policy的角色策略。

策略和角色是在同一个脚本中创建和删除的。该策略在该特定代码位出现之前被分离。我不知道为什么它会找到策略名称。

以下是创建：

# Create IAM policy and Role
def iam_creation(client_name):
iam_client = boto3.client('iam')
# Policy template
client_onboarding_policy = {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowListingOfUserFolder",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": [
f"arn:aws:s3:::{client_name}"
]
},
{
"Sid": "HomeDirObjectAccess",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObjectVersion",
"s3:DeleteObject",
"s3:GetObjectVersion"
],
"Resource": f"arn:aws:s3:::{client_name}/*"
}
]
}
# Role template
role_onboarding_policy = {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"transfer.amazonaws.com",
"s3.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
# Create policy from template
iam_client.create_policy(
PolicyName=f'{client_name}Policy',
PolicyDocument=json.dumps(client_onboarding_policy)
)
# Create Role from template and create trust relationships
iam_client.create_role(
RoleName=f'{client_name}',
AssumeRolePolicyDocument=json.dumps(role_onboarding_policy)
)
# Attach created policy to created role
iam_client.attach_role_policy(
PolicyArn=f'arn:aws:iam::111111111111:policy/{client_name}Policy',
RoleName=f'{client_name}'
)

创作顺利进行。这是删除

# Delete IAM policy and role
def iam_delete(client_name):
iam_client = boto3.client('iam')
iam_resource = boto3.resource('iam')
role_policy = iam_resource.RolePolicy(f'{client_name}', f'{client_name}Policy')
role = iam_resource.Role(f'{client_name}')
# Detach policy from role
iam_client.detach_role_policy(
PolicyArn=f'arn:aws:iam::111111111111:policy/{client_name}Policy',
RoleName=f'{client_name}'
)
# Delete policy
role_policy.delete()
# Delete role
role.delete()

我想这与我命名角色策略或未命名角色策略的方式有关。我已经确认角色potatoman9000和策略potatoman9000Policy确实存在于IAM中。非常感谢任何帮助

RolePolicy用于内联策略，而不是托管策略。

当您调用delete时，它会出错，因为您使用的是托管策略。从关于删除的文档：

删除嵌入指定IAM角色中的指定内联策略。

若要删除托管策略，应使用delete_policy。

删除指定的托管策略。

相关内容

最新更新

热门标签：