
Commit 6f81696

committed
fix: detach managed policies before deleting IAM roles on destroy
Signed-off-by: Kyle Hounslow <kylhouns@amazon.com>
1 parent 5461c89 commit 6f81696

1 file changed

Lines changed: 5 additions & 1 deletion


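--- a/aws/cli-installer/src/destroy.mjs
+++ b/aws/cli-installer/src/destroy.mjs
@@ -4,7 +4,7 @@
 */
 import { OSISClient, DeletePipelineCommand, GetPipelineCommand } from '@aws-sdk/client-osis';
 import { OpenSearchClient, ListApplicationsCommand, DeleteApplicationCommand, DeleteDirectQueryDataSourceCommand, GetApplicationCommand, DescribeDomainCommand } from '@aws-sdk/client-opensearch';
-import { IAMClient, DeleteRolePolicyCommand, DeleteRoleCommand, ListRolePoliciesCommand } from '@aws-sdk/client-iam';
+import { IAMClient, DeleteRolePolicyCommand, DeleteRoleCommand, ListRolePoliciesCommand, ListAttachedRolePoliciesCommand, DetachRolePolicyCommand } from '@aws-sdk/client-iam';
 import { printStep, printSuccess, printWarning, printInfo, createSpinner } from './ui.mjs';
 import { teardownDemoInstance } from './ec2-demo.mjs';
 
@@ -126,6 +126,10 @@ export async function destroy(cfg) {
 for (const p of PolicyNames || []) {
 await iam.send(new DeleteRolePolicyCommand({ RoleName: roleName, PolicyName: p }));
 }
+const { AttachedPolicies } = await iam.send(new ListAttachedRolePoliciesCommand({ RoleName: roleName }));
+for (const p of AttachedPolicies || []) {
+await iam.send(new DetachRolePolicyCommand({ RoleName: roleName, PolicyArn: p.PolicyArn }));
+}
 await iam.send(new DeleteRoleCommand({ RoleName: roleName }));
 printSuccess(`IAM role ${roleName} deleted`);
 } catch (e) {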
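Review bot: The `ListAttachedRolePoliciesCommand` call at new line 129 consumes only the first page of results, so when the response is truncated (`IsTruncated` set) the remaining managed policies stay attached, `DeleteRoleCommand` still fails, and the role is left in the account with its permissions intact. Iterating with the SDK paginator, `for await (const page of paginateListAttachedRolePolicies({ client: iam }, { RoleName: roleName }))`, and detaching `page.AttachedPolicies` inside it closes that gap. The principal running destroy now also needs two more IAM actions, which a comment above the loop should record for anyone scoping a least-privilege teardown policy: `// requires iam:ListAttachedRolePolicies and iam:DetachRolePolicy on the role`. The enclosing `try` opens above the hunk and the `catch` body lies below it, so whether a failed detach is reported with the role name, rather than silently leaving a half-stripped role, cannot be confirmed from here.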
