aws-nuke

Filtered IAMUserPolicyAttachment detached

Open gargamile opened this issue 3 years ago • 0 comments

Following the example from the README.md, the AdministratorAccess policy is always detached after deleting some resources. I need to re-attach the AWS default policy AdministratorAccess a few times to completely nuke the account. Has anyone else experienced this?

```yaml
accounts:
  "000000000000":
    filters:
      IAMUser:
      - "aws-nuke"
      IAMUserPolicyAttachment:
      - "aws-nuke -> AdministratorAccess"
      IAMUserAccessKey:
      - "aws-nuke -> ABCDEFGHIJKLMNOPQRST"
```

The logs show the AdministratorAccess policy being triggered to remove:

```
global - IAMUserPolicyAttachment - aws-nuke -> AdministratorAccess - [PolicyArn: "arn:aws:iam::aws:policy/AdministratorAccess", PolicyName: "AdministratorAccess", UserName: "aws-nuke", tag:user:temp: "destruction"] - triggered remove
```

...many resources are deleted, then the policy is detached:

```
ERRO[1322] AccessDenied: User: arn:aws:iam::000000000000:user/aws-nuke is not authorized to perform: iam:ListRoles on resource: arn:aws:iam::000000000000:role/ because no identity-based policy allows the iam:ListRoles action status code: 403
```

gargamile, Jul 08 '22 05:07
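A pre-flight check for the situation reported above, as an added example that is not part of the original post or of aws-nuke itself: it parses output lines in the format quoted in the issue and lists any resource of the protected user that is queued for removal instead of filtered. The state strings `would remove` and `filtered by config`, the function names, and all sample lines except the first are assumptions constructed for illustration.

```python
import re

# Line shape taken from the log quoted in the issue:
#   <region> - <ResourceType> - <id> - [<properties>] - <state>
LINE_RE = re.compile(
    r"^(?P<region>\S+) - (?P<rtype>\w+) - (?P<rid>.+?)"
    r"(?: - \[(?P<props>.*)\])? - (?P<state>[a-z ]+)$"
)

# Resource types the issue's filters are meant to protect.
SELF_TYPES = {"IAMUser", "IAMUserPolicyAttachment", "IAMUserAccessKey"}
# "triggered remove" is from the issue; "would remove" is assumed dry-run wording.
REMOVAL_STATES = {"triggered remove", "would remove"}


def parse_line(line):
    """Return a dict for a resource line, or None for other output (ERRO, banners)."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def belongs_to_user(rec, user):
    """IAMUser ids are '<user>'; attachment and key ids are '<user> -> <thing>'."""
    return rec["rid"] == user or rec["rid"].startswith(user + " -> ")


def unprotected_self_resources(lines, user):
    """List (type, id, state) for the user's own resources queued for removal."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["rtype"] not in SELF_TYPES:
            continue
        if belongs_to_user(rec, user) and rec["state"] in REMOVAL_STATES:
            hits.append((rec["rtype"], rec["rid"], rec["state"]))
    return hits


# Constructed sample: the first line is copied from the issue, the rest are made up.
SAMPLE = [
    'global - IAMUserPolicyAttachment - aws-nuke -> AdministratorAccess - '
    '[PolicyArn: "arn:aws:iam::aws:policy/AdministratorAccess", PolicyName: '
    '"AdministratorAccess", UserName: "aws-nuke", tag:user:temp: "destruction"] '
    '- triggered remove',
    "global - IAMUser - aws-nuke - filtered by config",
    "global - IAMUserAccessKey - aws-nuke -> ABCDEFGHIJKLMNOPQRST - filtered by config",
    "global - IAMUser - aws-nuke-ci - would remove",  # different user, not reported
    "ERRO[1322] AccessDenied: User: arn:aws:iam::000000000000:user/aws-nuke ...",
]

if __name__ == "__main__":
    for hit in unprotected_self_resources(SAMPLE, "aws-nuke"):
        print("NOT PROTECTED:", *hit)
```

Run against captured dry-run output, a non-empty result is a reason to stop before the destructive run.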