By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Cant delete AWSServiceRoleForApplicationAutoScaling_DynamoDBTable service-link-role

0

Hello,

[cloudshell-user@ip-10-x-x-x ~]$ aws iam delete-role --role-name AWSServiceRoleForApplicationAutoScaling_DynamoDBTable An error occurred (UnmodifiableEntity) when calling the DeleteRole operation: Cannot perform the operation on the protected role 'AWSServiceRoleForApplicationAutoScaling_DynamoDBTable' - this role is only modifiable by AWS

IAM CONSOLE AWSServiceRoleForApplicationAutoScaling_DynamoDBTable Deletion failed. AWS Service: dynamodb.application-autoscaling (Service-Linked Role) 26 days ago

CLOUDTRAIL
Error code UnmodifiableEntityException

Is this how it should work or I am doing something wrong. Any help would be greatly appreciated. Thank you

Topics
Security, Identity, & ComplianceManagement & Governance
Tags
AWS Identity and Access ManagementAWS Command Line Interface
Language
English
urisoft
asked a year ago242 views
2 Answers
0
Accepted Answer

Hello.

I would appreciate it if you could check the following part about the problem of deleting AWSServiceRoleForApplicationAutoScaling_DynamoDBTable IAMRole.

First, the error indicates that the dynamodb table exists. Please refer to the link below because you need to delete the dynamodb table to delete the corresponding IAM role.

Secondly, after deleting the dynamodb table, you will be able to delete the IAM role by referring to the contents below.

Thank you.

AWS
AWS-User-6847632
answered a year ago
0

Hello,

Thank you for your response. I had no dynamo table under the AWS console ,however under CLI one table was found when trying to delete the role. { "Status": "FAILED", "Reason": { "Reason": "Service linked role is still in use", "RoleUsageList": [ { "Region": "eu-central-1", "Resources": [ "table/testdb" ] } ] } }

Trying to see what is all about under CLI this says table not found $ aws dynamodb describe-table --table-name testdb An error occurred (ResourceNotFoundException) when calling the DescribeTable operation: Requested resource not found: Table: testdb not found

Checked again under the region eu-central-1 maybe I've lost my mind and still no testdb table can be seen so the approach that I took was: 1.created a fresh table testdb in eu-central-1 2.deleted the table testdbd in eu-central-1 3.using CLI, success, was able to delete the role.. $ aws iam get-service-linked-role-deletion-status --deletion-task-id "task/aws-service-role/dynamodb.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_DynamoDBTable/aad20187-1c46-4135-aabf-7a5020939a41" { "Status": "SUCCEEDED" I guess it was some sort of ghost dbtest leftover somewhere,somehow :) Hope it helps someone with same issue. Thank you for your help AWS-User-6847632 much appreciated

urisoft
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content