Unable to delete IAM role because of phantom Cognito User Pools


I use CloudFormation to create/delete/update AWS resources.

I deleted a stack containing a user pool and later attempted to recreate it and received the following error in the CloudFormation console:

Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: e26c1912-2af7-4c9c-872d-5234da04c1d9)

Further investigation led me to discover that the following IAM role that is being auto created by my CloudFormation stack was not being deleted:


Attempting to delete this IAM role manually fails with the following error:

Role deletion failed
One or more Cognito userpools using are this Service-liked role

In the IAM console I can then view two User Pools - the problem is they don't exist. They're not in the Cognito console (yes I checked the region), and attempting to use the CLI to view them, etc. results in:

User pool us-east-2_xxxxxxxxx does not exist.

I'm assuming they're phantoms of previous User Pools I created.

What to do now? I'm hoping that maybe they're just existing in a cache somewhere that will get purged, but it is going on an entire day now.

asked 5 years ago, 441 views
1 Answer

To answer my own question - the phantom user pools seem to persist for a few days then disappear.

answered 5 years ago
