Role creation failed and the status reason shown referred to a deprecated policy that was not used in the template.


On creation of the stack a role should be created using managed policies.

ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/AWSLambda_FullAccess"
        - "arn:aws:iam::aws:policy/AWSLambdaExecute"
        - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
        - "arn:aws:iam::aws:policy/service-role/AWSLambdaRole"

So, the role creation failed and the status reason is the following:

Policy arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess does not exist or is not attachable. (Service: AmazonIdentityManagement; Status Code: 404; Error Code: NoSuchEntity; Request ID: xxxxxx-xxxx-xxxx-xxxxxxx-xxxxxxxxx; Proxy: null)

There is no mention of this obsolete policy in any template. Ansible and CloudFormation were used in the development of the solution.

  • Could you supply the template, please? This isn't enough context. There may be other resources in the template or references requesting that Policy.

1 Answer

Accepted Answer

Hi there, it looks like you are experiencing an error during the creation of a role using managed policies. The error message mentions that the policy arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess does not exist or is not attachable.

This error occurred because the policy arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess is no longer available or attachable in AWS. It may have been removed or deprecated by AWS, and therefore cannot be used in the creation of the role.

If the obsolete policy is not mentioned in any of the templates or configuration files, there could be several possible reasons for the error. Here are a few suggestions for further investigation:

  • Check the role creation process for any manual additions or modifications that may have included the obsolete policy. It is possible that the policy was added to the role without proper verification, or without realizing that it is no longer available.

  • Check the AWS IAM console to see if the obsolete policy is still available in your account. It is possible that the policy was previously attached to the role, but has since been removed or detached.

  • Reach out to AWS support for assistance in troubleshooting the issue. They may be able to provide more information or guidance on how to resolve the error.

AWS
answered a year ago
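One way to act on the first suggestion in the answer (find where the obsolete policy is actually referenced, and verify every managed policy before the stack is created) is to walk the rendered template, since Ansible may be assembling it from several parts, and report each managed-policy ARN with its location. The script below is an added example, not code from the question, the answer or AWS; the sample template, the KNOWN_POLICIES set and the second AuditRole resource are constructed for illustration, and the live lookup in iam_policy_exists assumes boto3 is installed with credentials configured.

```python
import json
import re
from typing import Any, Callable, Dict, Iterator, List, Tuple

# Matches an IAM managed-policy ARN (AWS-managed or customer-managed) anywhere
# inside a string, so references built with Fn::Sub are found as well.
POLICY_ARN_RE = re.compile(
    r"arn:aws[a-z\-]*:iam::(?:aws|\d{12}):policy/[A-Za-z0-9+=,.@_\-/]+"
)

# Constructed sample template: the four policies quoted in the question, plus a
# second role (hypothetical) that references the policy from the error message
# through Fn::Sub, which a plain grep for "ManagedPolicyArns" would overlook.
SAMPLE_TEMPLATE: Dict[str, Any] = {
    "Resources": {
        "LambdaRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "ManagedPolicyArns": [
                    "arn:aws:iam::aws:policy/AWSLambda_FullAccess",
                    "arn:aws:iam::aws:policy/AWSLambdaExecute",
                    "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole",
                    "arn:aws:iam::aws:policy/service-role/AWSLambdaRole",
                ],
            },
        },
        "AuditRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "ManagedPolicyArns": [
                    {"Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/AWSLambdaReadOnlyAccess"},
                ],
            },
        },
    },
}

# Constructed stand-in for a live IAM lookup: the four policies from the
# question are treated as existing, the one from the error message is not.
KNOWN_POLICIES = {
    "arn:aws:iam::aws:policy/AWSLambda_FullAccess",
    "arn:aws:iam::aws:policy/AWSLambdaExecute",
    "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole",
    "arn:aws:iam::aws:policy/service-role/AWSLambdaRole",
}


def load_template(path: str) -> Dict[str, Any]:
    """Load a JSON CloudFormation template (convert YAML first, e.g. with cfn-flip)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def walk_strings(node: Any, path: str = "$") -> Iterator[Tuple[str, str]]:
    """Yield (json_path, text) for every string leaf in the parsed template."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk_strings(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def find_policy_arns(template: Dict[str, Any]) -> List[Tuple[str, str]]:
    """Return (path, arn) for every managed-policy ARN referenced anywhere in
    the template, not only directly under ManagedPolicyArns."""
    found: List[Tuple[str, str]] = []
    for path, text in walk_strings(template):
        # Fn::Sub writes the partition as ${AWS::Partition}; normalise it so
        # the ARN pattern sees a plain "aws" partition.
        text = text.replace("${AWS::Partition}", "aws")
        for arn in POLICY_ARN_RE.findall(text):
            found.append((path, arn))
    return found


def check_policies(
    template: Dict[str, Any], exists: Callable[[str], bool]
) -> List[Tuple[str, str]]:
    """Return the (path, arn) pairs whose policy `exists` reports as missing.

    `exists` is injected so the check runs offline; for a real account pass
    iam_policy_exists instead of a set lookup."""
    return [(path, arn) for path, arn in find_policy_arns(template) if not exists(arn)]


def iam_policy_exists(arn: str) -> bool:
    """Live check via IAM GetPolicy. NoSuchEntityException is the same
    condition CloudFormation surfaced as Status Code 404 / NoSuchEntity."""
    import boto3  # assumption: boto3 installed, credentials configured

    iam = boto3.client("iam")
    try:
        iam.get_policy(PolicyArn=arn)
        return True
    except iam.exceptions.NoSuchEntityException:
        return False


if __name__ == "__main__":
    for path, arn in check_policies(SAMPLE_TEMPLATE, KNOWN_POLICIES.__contains__):
        print(f"{path}: {arn} does not exist or is not attachable")
```

Running it against the constructed template reports the AuditRole entry hidden behind Fn::Sub; on a real pipeline, run it over the template Ansible actually renders (after any template or include step) and swap the set lookup for iam_policy_exists so the check fails before CloudFormation does.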
