Unable to delete IAM Role

Question

I am trying to delete some bunch of IAM Roles based on conditions like LastUsedDate > 90days, LastCreateDate>90 days etc. In this process some IAM Roles could not be deleted because of : "Cannot delete entity, must remove roles from instance profile first". When I try to get "listInstanceProfilesForRole", I dont get Instance Profiles, I am getting an empty array. If so then why am I not able to delete IAM Role. Please suggest.

Answer

Hi,

From the question I understand that you are trying to delete an IAM role but are getting an error that states "Cannot delete entity, must remove roles from instance profile first". When you try to run the command “list-instance-profiles-for-role” you do not get any instance profiles in the output.

After testing in my account I was not able to replicate this issue. When running the command “list-instance-profiles-for-role” I was able to find the instance profile associated to the IAM role. I then ran the command “remove-role-from-instance-profile” and once that was completed I ran the “delete-role” command with no errors. In order to better troubleshoot this issue I would recommend creating a support case with IAM and providing the specific role name that is experiencing the issue.

I hope you have a great rest of your day!

Unable to delete IAM Role

相关内容