Cannot delete AD connector

Question

We have an AD connector that cannot be deleted.   
  
It says the console is still attached as an authorized application.    
  
When I try to disable the console, it says "You cannot disable the AWS Management Console because delegated users are still assigned to it. Remove all users and groups from the IAM roles below and try again."  
  
When I click one of the roles it says "The role 'AWS_PRJ_W' may have been deleted or the role’s trust with AWS Directory Service no longer exists. Either recreate the role and then reassign your delegated users, or edit the trust to repair it."  Even though that seems a little ridiculous (creating more things to enable something else to be deleted),  I gave it a quick try but it still complained about the role.  
  
How do I delete an inoperable AD connector?

Answer

How do I go about requesting a manual fix to this problem?

Answer

We block the deletion of the AD Connector when there are still applications linked to it as a safety precaution to prevent customers from unintentionally breaking an AWS application that is still using the directory.  However, that can sometimes be more frustrating than helpful.  This post is a good example.  The error about "the role’s trust with AWS Directory Service no longer exists" means that the AD Connector is Inoperable because it no longer has access to your domain controllers.  So you have to update your network settings to reestablish connectivity between the AD Connector and your domain in order to delete those roles.  As you have pointed out, this is a lot of work just to delete something.  Therefore, I have manually unauthorized the AWS Management Console from your AD connector.  This will allow you to delete the AD Connector with out any additional work.

Answer

Thank you, that worked well.  The domain this was connected to is no longer accessible so it would have been impossible to delete otherwise!  
  
Brian

Cannot delete AD connector

Relevant content