I use CloudFormation to create/delete/update AWS resources.
I deleted a stack containing a user pool and later attempted to recreate it and received the following error in the CloudFormation console:
Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: e26c1912-2af7-4c9c-872d-5234da04c1d9)
Further investigation led me to discover that the following IAM role that is being auto created by my CloudFormation stack was not being deleted:
AWSServiceRoleForAmazonCognitoIdpEmailService
Attempting to delete this IAM role manually fails with the folliowing error:
Role deletion failed
One or more Cognito userpools using are this Service-liked role
In the IAM console I can then view two User Pools - the problem is they don't exist. They're not in the Cognito console (yes I checked the region), and attempting to use the CLI to view them, etc. results in:
User pool us-east-2_xxxxxxxxx does not exist.
I'm assuming they're phantoms of previous User Pools I created.
What to do now? I'm hoping that maybe they're just existing in a cache somewhere that will get purged, but it is going on a entire day now.
AWS OFFICIALUpdated 5 months ago
