Having trouble to delete CloudFormation

Question

I have trouble deleting AWS stack, using both java SDK and AWS cli.

MVP:
```
AWSTemplateFormatVersion: "2010-09-09"
Metadata:
    Generator: "former2"
Description: ""

Resources:
    EC2KeyPair:
        Type: "AWS::EC2::KeyPair"
        Properties:
            PublicKeyMaterial: "foo"
            KeyName: "bar"
            KeyType: "rsa"
```
Deletion attempt KeyPair throws internal error and ends with DELETE_FAILED. After attempting to delete resource for the second time it is succesfull (resource has been fully initalized before first attempt).

Deletion is attempted with least access rights possible (ec2:* ,cloudformation:* ... ), when attempted with admin access delete works on first try.

Answer

When deletion fails (usually 3 after attempts that take a while),  on some resources, the Cloudformaiton stack will delete successfully, even though the reasouce is still there.

If it works with admin, but not with the least privileges role, you correctly assume that this is IAM related.

Usually Cloudformaiton to needs read (`ec2:Get*`, `ec2:List*`, `ec2:Describe*`) permission and manage tags (`ec2:DeleteTags` and `ec2:CreateTags`) not only the `ec2:DeleteKeyPair` permission.

Hope it helps!

Answer

Hi There

Is this key attached to an EC2 instance?  is it possible the EC2 instance is not fully terminated before you are attempting to delete the key?

Having trouble to delete CloudFormation

関連するコンテンツ