
[JAWS-UG CLI] IAM Managed Policy: #17-5 Deleting the Managed Policy (cleanup)

More than 5 years have passed since last update.

Prerequisites

1. Deleting the S3 bucket

1.1. Deleting the objects

Check the bucket name

command
cat << ETX

        S3_BUCKET_NAME: ${S3_BUCKET_NAME}

ETX
result
        S3_BUCKET_NAME: jaws-ug-cli-17-handson

Delete the objects in the bucket

command
aws s3 rm s3://${S3_BUCKET_NAME}/ --recursive
result
delete: s3://jaws-ug-cli-17-handson/test01.txt
delete: s3://jaws-ug-cli-17-handson/test03.txt
delete: s3://jaws-ug-cli-17-handson/test02.txt

1.2. Deleting the bucket

command
aws s3 rb s3://${S3_BUCKET_NAME}
result
remove_bucket: s3://jaws-ug-cli-17-handson/

Confirm that the bucket has been deleted

command
aws s3 ls s3://${S3_BUCKET_NAME}/
result
A client error (NoSuchBucket) occurred when calling the ListObjects operation: The specified bucket does not exist

2. Deleting the Managed Policy

2.1. Detaching the Managed Policy

Check the parameters

command
cat << ETX
        IAM_GROUP_NAME: ${IAM_GROUP_NAME}
        IAM_MANAGED_POLICY_ARN: ${IAM_MANAGED_POLICY_ARN}
ETX
result
        IAM_GROUP_NAME: IAM_limited
        IAM_MANAGED_POLICY_ARN: arn:aws:iam::************:policy/jawsug-cli/S3_ManagedPolicy

Detach the Managed Policy from the group

command
aws iam detach-group-policy --group-name ${IAM_GROUP_NAME} --policy-arn ${IAM_MANAGED_POLICY_ARN}
result
(no return value)

Confirm that it has been detached

command
aws iam list-attached-group-policies --group-name ${IAM_GROUP_NAME}
result
{
    "AttachedPolicies": [],
    "IsTruncated": false
}

2.2. Deleting the Managed Policy

Before a Managed Policy can be deleted, every version other than the default version must be deleted first. (DeletePolicy also fails with DeleteConflict while the policy is still attached to any user, group or role, which is why the detach in 2.1 comes before this step.)

Check which versions the policy holds

command
aws iam list-policy-versions --policy-arn ${IAM_MANAGED_POLICY_ARN}
result
{
    "IsTruncated": false,
    "Versions": [
        {
            "CreateDate": "2015-03-28T13:29:42Z",
            "VersionId": "v6",
            "IsDefaultVersion": false
        },
        {
            "CreateDate": "2015-03-28T13:29:39Z",
            "VersionId": "v5",
            "IsDefaultVersion": false
        },
        {
            "CreateDate": "2015-03-28T13:29:33Z",
            "VersionId": "v4",
            "IsDefaultVersion": false
        },
        {
            "CreateDate": "2015-03-28T13:06:44Z",
            "VersionId": "v2",
            "IsDefaultVersion": false
        },
        {
            "CreateDate": "2015-03-28T12:22:45Z",
            "VersionId": "v1",
            "IsDefaultVersion": true
        }
    ]
}

Delete all versions other than the default version
(Run this for every version except the default.)
(Adjust the command below to the versions the policy actually holds; in the listing above that is v6, v5, v4 and v2.)

command
aws iam delete-policy-version --policy-arn ${IAM_MANAGED_POLICY_ARN} --version-id "v2"
result
(no return value)

Attempting to delete the default version is rejected:

command
aws iam delete-policy-version --policy-arn ${IAM_MANAGED_POLICY_ARN} --version-id "v1"
result
A client error (DeleteConflict) occurred when calling the DeletePolicyVersion operation: Cannot delete the default version of a policy.

Delete the policy

command
aws iam delete-policy --policy-arn ${IAM_MANAGED_POLICY_ARN}
result
(no return value)

2.3. Confirmation

command
aws iam get-policy --policy-arn ${IAM_MANAGED_POLICY_ARN}
result
A client error (NoSuchEntity) occurred when calling the GetPolicy operation: Policy arn:aws:iam::************:policy/S3_ManagedPolicy does not exist.
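The manual steps in 2.1 through 2.3 (check attachments, delete every non-default version, delete the policy, confirm) can be done in one pass. The script below is an added example for this page, not code from the original hands-on. Beyond what the hands-on types by hand, it asks IAM for every user, group and role the policy is still attached to (aws iam list-entities-for-policy) and refuses to delete while anything is attached, rather than silently detaching principals the hands-on did not create; it then computes the non-default version IDs with a JMESPath query instead of reading them off the listing. The function names, the cleanup_policy.sh file name and the bash/sh shell are the example's own; the commands assume a configured AWS CLI with permissions for iam:ListEntitiesForPolicy, iam:ListPolicyVersions, iam:DeletePolicyVersion and iam:DeletePolicy.

```shell
#!/bin/sh
# Added example for the cleanup above, not code from the original hands-on.
# Assumes a configured AWS CLI; the argument is what the hands-on stores in
# IAM_MANAGED_POLICY_ARN. Function names are this example's own.
set -eu

# Split the AWS CLI's "--output text" form (tab-separated, on one line) into
# one item per line, dropping the empty/None forms it prints for no result.
one_per_line() {
  printf '%s\n' "$1" | tr '\t' '\n' | sed -e '/^$/d' -e '/^None$/d'
}

# Every user, group and role the policy is still attached to.
# Empty output means DeletePolicy will not fail with DeleteConflict for that reason.
policy_attachments() {
  out="$(aws iam list-entities-for-policy --policy-arn "$1" \
    --query '[PolicyUsers[].UserName, PolicyGroups[].GroupName, PolicyRoles[].RoleName][]' \
    --output text)"
  one_per_line "$out"
}

# Version IDs other than the default. The default cannot be deleted on its own
# (DeleteConflict, as shown in 2.2) and is removed together with the policy.
non_default_versions() {
  out="$(aws iam list-policy-versions --policy-arn "$1" \
    --query 'Versions[?IsDefaultVersion==`false`].VersionId' \
    --output text)"
  one_per_line "$out"
}

# Refuse while anything is attached (detaching here would silently change the
# permissions of principals this hands-on did not create), then delete the
# non-default versions and finally the policy itself.
delete_managed_policy() {
  arn="$1"
  attached="$(policy_attachments "$arn")"
  if [ -n "$attached" ]; then
    echo "refusing to delete $arn: still attached to:" >&2
    echo "$attached" >&2
    return 1
  fi
  for v in $(non_default_versions "$arn"); do
    aws iam delete-policy-version --policy-arn "$arn" --version-id "$v"
  done
  aws iam delete-policy --policy-arn "$arn"
}

# Usage: sh cleanup_policy.sh "$IAM_MANAGED_POLICY_ARN"
if [ -n "${1:-}" ]; then
  delete_managed_policy "$1"
fi
```

If the script refuses, run the detach step from 2.1 for each principal it lists (detach-user-policy, detach-group-policy or detach-role-policy as appropriate) and rerun it; after it succeeds, the get-policy check from 2.3 returns NoSuchEntity as shown above.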

That concludes this hands-on.
Good work.
