automation: detach policies before deleting role
author Gregory Szorc <gregory.szorc@gmail.com>
Fri, 19 Apr 2019 05:15:43 -0700
changeset 42303 fcb97cb91ff8
parent 42302 730edbd836d8
child 42304 dd6a9723ae2b
automation: detach policies before deleting role

You can't delete an IAM role that has attached policies. With this change, the purge-ec2-resources command now works.

Differential Revision: https://phab.mercurial-scm.org/D6284
contrib/automation/hgautomation/aws.py
--- a/contrib/automation/hgautomation/aws.py	Fri Apr 19 05:07:44 2019 -0700
+++ b/contrib/automation/hgautomation/aws.py	Fri Apr 19 05:15:43 2019 -0700
@@ -505,6 +505,10 @@
 
     for role in iamresource.roles.all():
         if role.name.startswith(prefix):
+            for p in role.attached_policies.all():
+                print('detaching policy %s from %s' % (p.arn, role.name))
+                role.detach_policy(PolicyArn=p.arn)
+
             print('removing role %s' % role.name)
             role.delete()
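
Review bot: The added loop over `role.attached_policies.all()` only clears managed policies, so `role.delete()` can still fail on a role that carries inline policies or is still attached to an instance profile, unless code outside this hunk already handles those. If these roles can have inline policies, consider also iterating `role.policies.all()` and deleting each one before the delete call. Separately, since the purge now strips permissions as well as deleting, it is worth making sure `prefix` can never be empty when it reaches `role.name.startswith(prefix)`, because an empty prefix matches every role in the account.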