Question 207229 in Amazon Web Sevices Question posted in
The official Amazon Web Services documentation can be found here.

Amazon web services – AWS cloudformation: Unable to delete a stack

I have created a simple cloudformation

Resources:
  MyNewEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0b16d80945b1a9c7d
      InstanceType: t2.micro
      SubnetId: subnet-0cc709c048a0ec292
      SecurityGroupIds:
        - sg-09cd08e7081541ada
      KeyName: stg-emr-test

The stack was successfully created. I was able to ssh into the ec2 instance. but now i want to remove this stack. i.e the Ec2 instance

and later tried to delete it. Its failing

enter image description here

I saw the error in events
enter image description here

Tags:

2

Answers


  1. 0

    The logged in user has the rights to create, but not terminate/delete.

    Make sure that the correct permissions (via AWS IAM) are assoicated to the user to perform any action within the AWS account

    Login or Signup to reply.
  2. 0

    As assumed above, there is no allow or there is an explicit deny action in a Policy. However, it’s clear to me, it’s not in IAM if you are asking how come i am able to create but not able to delete. Plus, an encoded message, usually, is a sign of AWS Organization being used.

    It has to be an SCP applied on your account. Check the Policy evaluation logic.
    Additionally, double-check Permissions boundaries and IAM Policy to alleviate any uncertainties or doubts

    It’s also advisable to decode the error:

    aws sts decode-authorization-message --encoded-message dXNlcixhcm4sdXNlcl9jcmVhdGlvbl90aW1lLHBhc3N3b3JkX2VuYWJsZWQscGFzc3dvcmRfbGFzdF91c2VkLHBhc3N3b3JkX2xhc3RfY2hhbmdlZCxwYXNzd29yZF9uZXh0X3JvdGF0aW9uLG1mYV9hY3RpdmUsYWNjZXNzX2tleV8xX2FjdGl2ZSxhY2Nlc3Nfa2V5XzFfbGFzdF9yb3RhdGVkLGFjY2Vzc19rZXlfMV9sYXN0X3VzZWRfZGF0ZSxhY2Nlc3Nfa2V5XzFfbGFzdF91c2VkX3JlZ2lvbixhY2Nlc3Nfa2V5XzFfbGFzdF91c2VkX3NlcnZpY2UsYWNjZXNzX2tleV8yX2FjdGl2ZSxhY2Nlc3Nfa2V5XzJfbGFzdF9yb3RhdGVkLGFjY2Vzc19rZXlfMl9sYXN0X3VzZWRfZGF0ZSxhY2Nlc3Nfa2V5XzJfbGFzdF91c2VkX3JlZ2lvbixhY2Nlc3Nfa2V5XzJfbGFzdF91c2VkX3NlcnZpY2UsY2VydF8xX2FjdGl2ZSxjZXJ0XzFfbGFzdF9yb3RhdGVkLGNlcnRfMl9hY3RpdmUsY2VydF8yX2xhc3Rfcm90YXRlZAo8cm9vdF9hY2NvdW50Pixhcm46YXdzOmlhbTo6MjE2MTExMzY1MDU5OnJvb3QsMjAyMy0wMS0yNlQxMDowNDozNiswMDowMCxub3Rfc3VwcG9ydGVkLDIwMjMtMDEtMzBUMTA6MTQ6NDUrMDA6MDAsbm90X3N1cHBvcnRlZCxub3Rfc3VwcG9ydGVkLHRydWUsZmFsc2UsTi9BLE4vQSxOL0EsTi9BLGZhbHNlLE4vQSxOL0EsTi9BLE4vQSxmYWxzZSxOL0EsZmFsc2UsTi9BCnZhc3lsLmhlcm1hbkB1bmRlcmRlZmVuc2UuY29tLGFybjphd3M6aWFtOjoyMTYxMTEzNjUwNTk6dXNlci92YXN5bC5oZXJtYW5AdW5kZXJkZWZlbnNlLmNvbSwyMDIzLTAxLTI2VDEwOjE1OjM3KzAwOjAwLGZhbHNlLE4vQSxOL0EsTi9BLGZhbHNlLGZhbHNlLDIwMjMtMDEtMjZUMTA6MTY6MDYrMDA6MDAsMjAyMy0wMi0wNlQxODoxMTowMCswMDowMCx1cy1lYXN0LTEsc3RzLHRydWUsMjAyMy0wMy0wNlQwNzo1MDozMCswMDowMCwyMDIzLTA0LTEzVDEzOjAxOjAwKzAwOjAwLHVzLWVhc3QtMSxzdHMsZmFsc2UsTi9BLGZhbHNlLE4vQQ== --query DecodedMessage --output text

    It may help.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search