Hi There
Is this key attached to an EC2 instance? Is it possible the EC2 instance is not fully terminated before you are attempting to delete the key?
When deletion fails (usually after 3 attempts that take a while), on some resources, the CloudFormation stack will delete successfully, even though the resource is still there.
If it works with admin, but not with the least privileges role, you correctly assume that this is IAM related.
Usually CloudFormation needs read (`ec2:Get*`, `ec2:List*`, `ec2:Describe*`) permission and manage tags (`ec2:DeleteTags` and `ec2:CreateTags`), not only the `ec2:DeleteKeyPair` permission.
Hope it helps!
For me it always succeeds on the second attempt. After adding `kms:*` I managed to delete the stack on the first attempt, but I couldn't find any mention of needing those in https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html
There is no EC2 instance being created. The YAML snippet from the question can be uploaded as is using the `aws cloudformation deploy` command.
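Added example, not part of the original thread: rather than widening the role with service-wide wildcards, the calls that were actually denied during the failed deletion can be read from CloudTrail and only those actions added to the policy. The sketch below filters CloudTrail-shaped records for authorization failures made by one role; the role ARNs, the helper `_event` and the sample records (including which actions appear as denied) are constructed for illustration.

```python
from collections import Counter

# CloudTrail errorCode values that indicate an authorization failure.
DENIED_CODES = {"AccessDenied", "AccessDeniedException",
                "UnauthorizedOperation", "Client.UnauthorizedOperation"}

ROLE = "arn:aws:iam::111122223333:role/cfn-least-privilege"  # constructed
OTHER = "arn:aws:iam::111122223333:role/unrelated-role"      # constructed

def _event(name, role, error=None):
    """Build a constructed record with only the CloudTrail fields used here."""
    ev = {"eventSource": "ec2.amazonaws.com", "eventName": name,
          "userIdentity": {"type": "AssumedRole",
                           "sessionContext": {"sessionIssuer": {"arn": role}}}}
    if error:
        ev["errorCode"] = error
    return ev

# Constructed sample records; the denied actions shown are illustrative only.
SAMPLE_EVENTS = [
    _event("DeleteKeyPair", ROLE),
    _event("DescribeKeyPairs", ROLE, "Client.UnauthorizedOperation"),
    _event("DeleteTags", ROLE, "Client.UnauthorizedOperation"),
    _event("DescribeKeyPairs", ROLE, "Client.UnauthorizedOperation"),
    _event("DescribeInstances", OTHER, "Client.UnauthorizedOperation"),
]

def issuer_arn(event):
    """Role ARN behind an assumed-role session, or None for other callers."""
    ctx = event.get("userIdentity", {}).get("sessionContext", {})
    return ctx.get("sessionIssuer", {}).get("arn")

def denied_actions(events, role_arn):
    """Count denied calls made by role_arn, keyed as 'service:EventName'."""
    counts = Counter()
    for ev in events:
        if issuer_arn(ev) != role_arn or ev.get("errorCode") not in DENIED_CODES:
            continue
        service = ev.get("eventSource", "").split(".")[0]
        # Assumption: eventName matches the IAM action name, which holds for
        # most but not all APIs; confirm in the service authorization reference.
        counts[f"{service}:{ev.get('eventName')}"] += 1
    return counts

if __name__ == "__main__":
    for action, n in sorted(denied_actions(SAMPLE_EVENTS, ROLE).items()):
        print(f"{action}\tdenied {n}x")
```

On real data, the `events` list would be the records from the time window of the failed stack deletion, and each reported action should be scoped to the specific resource where the service supports it.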