Cross posted from my blog.
The Situation
In the recent weeks most of my day job time has been spent with CloudFormation (CF) and the AWS developer tools. CodeStar, CodeBuild, CodePipeline, and CodeDeploy. During the day-in / day-out routine I came across a error that stumped me for a bit; When deleting a CF stack the follow error message was returned and the stack was not deleted.
failed to delete stack: Role [...] is invalid or cannot be assumed
The Solution
The error message text is fairly clear, though not very detailed. In layman's terms when the CF service attempts to assuming an IAM role in order to complete a task the role (in my case) no longer exists. After a bit of digging I found a solution and it is surprisingly reasonable!
- Go to the IAM service; we want to create a new role
- Then create a role names as the missing role from the error message
-
Then assign access policies that the role will need
- In my case I was trying to delete the stack; and while not a best practice, the admin role was sufficient.
- Then execute the CF process once more
If all goes well the stack should complete the desired action (delete) with without issue. The solution really is that easy. #win
Wrapping Up
Hopefully you find this helpful in your dealings with AWS, now or in the future. Do you have any quick tips concerning AWS CloudFormation? What has your experience with CF been like? Let me know in the comments below.
Top comments (3)
Great post. This is another method to clean up the stuck stacks
gist.github.com/sivaramsajeev/9d47...
Thanks, that helped a lot!
Thanks David, very helpful