I have created a simple CloudFormation:

    Resources:
      MyNewEC2Instance:
        Type: AWS::EC2::Instance
        Properties:
          ImageId: ami-0b16d80945b1a9c7d
          InstanceType: t2.micro
          SubnetId: subnet-0cc709c048a0ec292
          SecurityGroupIds:
            - sg-09cd08e7081541ada
          KeyName: stg-emr-test

The stack was successfully created. I was able to SSH into the EC2 instance, but now I want to remove this stack, i.e. the EC2 instance, and later tried to delete it. It's failing.
2 Answers
The logged-in user has the rights to create, but not terminate/delete.
Make sure that the correct permissions (via AWS IAM) are associated to the user to perform any action within the AWS account.
As assumed above, there is no allow or there is an explicit deny action in a Policy. However, it’s clear to me, it’s not in IAM if you are asking "how come I am able to create but not able to delete". Plus, an encoded message, usually, is a sign of AWS Organization being used. It has to be an SCP applied on your account. Check the Policy evaluation logic.
Additionally, double-check Permissions boundaries and IAM Policy to alleviate any uncertainties or doubts.
It’s also advisable to decode the error:
It may help.
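
The decoding step mentioned in the answer above, as an added example that is not part of either answer: the encoded failure message can be passed to STS `DecodeAuthorizationMessage` (the caller needs `sts:DecodeAuthorizationMessage`), and the result shows whether the denial was an explicit deny or a missing allow. The sample document, its account ID, user name, instance ID and statement ID are constructed, and the field layout is assumed from the output STS typically returns.

```python
import json

# Constructed sample of the JSON string STS returns in "DecodedMessage".
# All identifiers are placeholders, not values from the question.
SAMPLE_DECODED = json.dumps({
    "allowed": False,
    "explicitDeny": True,
    "matchedStatements": {"items": [
        {"statementId": "DenyTerminate", "effect": "DENY"},
    ]},
    "context": {
        "principal": {"arn": "arn:aws:iam::111122223333:user/example-user"},
        "action": "ec2:TerminateInstances",
        "resource": "arn:aws:ec2:us-east-1:111122223333:instance/i-EXAMPLE",
    },
})


def decode_with_sts(encoded_message):
    """Decode the 'Encoded authorization failure message' via STS."""
    import boto3  # imported lazily so summarize() works offline
    sts = boto3.client("sts")
    resp = sts.decode_authorization_message(EncodedMessage=encoded_message)
    return resp["DecodedMessage"]


def summarize(decoded_message):
    """Reduce the decoded document to what matters for triage."""
    doc = json.loads(decoded_message)
    ctx = doc.get("context", {})
    matched = doc.get("matchedStatements", {}).get("items", [])
    if doc.get("allowed"):
        verdict = "allowed"
    elif doc.get("explicitDeny"):
        # A Deny statement matched: look for it in identity policies,
        # permissions boundaries and SCPs.
        verdict = "explicit deny"
    else:
        # Nothing granted the action: an Allow is missing somewhere.
        verdict = "implicit deny (no matching Allow)"
    return {
        "verdict": verdict,
        "principal": ctx.get("principal", {}).get("arn"),
        "action": ctx.get("action"),
        "resource": ctx.get("resource"),
        "deny_statements": [s.get("statementId") for s in matched
                            if s.get("effect") == "DENY"],
    }
```

With a real message, `summarize(decode_with_sts(encoded))` gives the same summary for the failed delete.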