aws-nuke icon indicating copy to clipboard operation
aws-nuke copied to clipboard

Published 20 hours ago verified publisher icon rebuy-de

Resource deletion says failed with Adminstrator permission when performing aws-nuke

Open Leectan opened this issue 5 years ago • 14 comments

all resources say "failed" when performing aws-nuke. Please see attached and Please advise. Screen Shot 2020-01-24 at 1 04 15 PM

Leectan avatar Jan 24 '20 18:01 Leectan

Hello @Leectan. The actual error messages are located at the end of the aws-nuke output. Those failed resource also might recover. Please show us the end of the output.

svenwltr avatar Jan 25 '20 08:01 svenwltr

Screen Shot 2020-01-25 at 12 39 07 PM

Leectan avatar Jan 25 '20 18:01 Leectan

@svenwltr any update on this?

Leectan avatar Jan 30 '20 21:01 Leectan

Hello @Leectan. Sorry for the late response. It looks like you provided invalid access keys.

svenwltr avatar Jan 31 '20 13:01 svenwltr

@svenwltr double checked access keys without any issue. 2nd time performed with all the failed message.

Leectan avatar Feb 07 '20 19:02 Leectan

@Leectan

Are you able to use the credentials you are providing directly in the aws-cli? Are you using MFA? Do you use assumed roles?

This could potentially help you resolve the problem: https://stackoverflow.com/questions/34582318/how-can-i-resolve-the-error-the-security-token-included-in-the-request-is-inval

bjoernhaeuser avatar Feb 10 '20 06:02 bjoernhaeuser

@bjoernhaeuser yes, I'm using --access-keys and --secret-key perimeters and inject them directly in the CLI. The account doesn't have MFA. Not using assumed roles.

Leectan avatar Feb 25 '20 17:02 Leectan

@bjoernhaeuser yes, I'm using --access-keys and --secret-key perimeters and inject them directly in the CLI. The account doesn't have MFA. Not using assumed roles.

Leectan avatar Feb 25 '20 19:02 Leectan

Still getting error with Admin permission, no MFA. No assumed roles. Any other suggestion is appreciated.

2

Leectan avatar Feb 25 '20 19:02 Leectan

Well, as already said this is highly likely a problem in your configuration. Can you check that the account ids match when you execute aws sts get-caller-identity with the same access/secret key please?

bjoernhaeuser avatar Feb 25 '20 19:02 bjoernhaeuser

also, IAM user and IAM profile that are specified in the config file for filter is also removed when execute the cmd.

3

Leectan avatar Feb 25 '20 20:02 Leectan

@Leectan Can you please check if this command works for your?

AWS_ACCESS_KEY_ID=YOUR_ID AWS_SECRET_ACCESS_KEY=YOUR_SECRET aws iam list-roles

Please replace access key id and secret access key with the same credentials you used for aws-nuke

svenwltr avatar Mar 02 '20 12:03 svenwltr

I am having a similar issue. When I ran the dry-run with the IAM account with admin privilege it listed everything as expected. When I ran the actual nuke I got the failed message many times even though I'm using the same credentials.

Maybe AWS is rate limiting?

rbeede avatar Jun 05 '20 21:06 rbeede

@Leectan @rbeede are you able to run aws-nuke? I am having the same issue.

rahmansamia avatar Dec 21 '21 21:12 rahmansamia