Closed RobinL closed 6 years ago
I did some digging on this and I conclude it's really weird and it shouldn't happen.
I know we detach policies before actually deleting IAM roles but I had another look if there was a regression.
According to Git we didn't change delete_role()/_detach_role_policies()
in months.
I also manually tried locally and the _detach_role_policies()
actually detaches the policies.
Also, I didn't find this error in Sentry the CP-API, only in the CP-UI.
Does it happen all the time or only sometimes? I wonder if it's some strange race condition caused by AWS detaching those policies asynchronously.
Right, I managed to reproduce locally. My best guess at this time is that it's complaining about the inline policies, mainly s3-access
but potentially others.
Ticket with more details, possible solution, etc...https://trello.com/c/04FsXha3/984-cant-delete-users
@xoen is this issue fixed?
@andyhd I think it is. I think I was waiting for Robin to test that but I see the ticket was moved so let's close this.
Following recent changes to IAM permissions, the 'Delete user' button now throws an error and doesn't delete the user: