Error deleting IAM Role (aws-xxxx-xxxx-bootstrap-role): DeleteConflict: Cannot delete entity, must detach all policies first.

Solution In Progress - Updated -

Issue

  • Terraform is unable to delete an IAM Role in AWS 4.6 IPI. The installation completes, however the bootstrap node is not removed and now needs to be manually removed. Installation is expected to finish cleanly.
time="2020-11-11T01:38:46-05:00" level=debug msg="module.bootstrap.aws_iam_role.bootstrap: Still destroying... [id=aws-xxxx-xxxx-bootstrap-role, 10s elapsed]"
time="2020-11-11T01:38:56-05:00" level=debug msg="module.bootstrap.aws_iam_role.bootstrap: Still destroying... [id=aws-xxxx-xxxx-bootstrap-role, 20s elapsed]"
time="2020-11-11T01:39:06-05:00" level=debug msg="module.bootstrap.aws_iam_role.bootstrap: Still destroying... [id=aws-xxxx-xxxx-bootstrap-role, 30s elapsed]"
time="2020-11-11T01:39:07-05:00" level=debug
time="2020-11-11T01:39:07-05:00" level=debug msg="Warning: Resource targeting is in effect"
time="2020-11-11T01:39:07-05:00" level=debug
time="2020-11-11T01:39:07-05:00" level=debug msg="You are creating a plan with the -target option, which means that the result"
time="2020-11-11T01:39:07-05:00" level=debug msg="of this plan may not represent all of the changes requested by the current"
time="2020-11-11T01:39:07-05:00" level=debug msg=configuration.
time="2020-11-11T01:39:07-05:00" level=debug msg="\t\t"
time="2020-11-11T01:39:07-05:00" level=debug msg="The -target option is not for routine use, and is provided only for"
time="2020-11-11T01:39:07-05:00" level=debug msg="exceptional situations such as recovering from errors or mistakes, or when"
time="2020-11-11T01:39:07-05:00" level=debug msg="Terraform specifically suggests to use it as part of an error message."
time="2020-11-11T01:39:07-05:00" level=debug
time="2020-11-11T01:39:07-05:00" level=debug
time="2020-11-11T01:39:07-05:00" level=debug msg="Warning: Applied changes may be incomplete"
time="2020-11-11T01:39:07-05:00" level=debug
time="2020-11-11T01:39:07-05:00" level=debug msg="The plan was created with the -target option in effect, so some changes"
time="2020-11-11T01:39:07-05:00" level=debug msg="requested in the configuration may have been ignored and the output values may"
time="2020-11-11T01:39:07-05:00" level=debug msg="not be fully updated. Run the following command to verify that no other"
time="2020-11-11T01:39:07-05:00" level=debug msg="changes are pending:"
time="2020-11-11T01:39:07-05:00" level=debug msg="    terraform plan"
time="2020-11-11T01:39:07-05:00" level=debug msg="\t"
time="2020-11-11T01:39:07-05:00" level=debug msg="Note that the -target option is not suitable for routine use, and is provided"
time="2020-11-11T01:39:07-05:00" level=debug msg="only for exceptional situations such as recovering from errors or mistakes, or"
time="2020-11-11T01:39:07-05:00" level=debug msg="when Terraform specifically suggests to use it as part of an error message."
time="2020-11-11T01:39:07-05:00" level=debug
time="2020-11-11T01:39:07-05:00" level=error
time="2020-11-11T01:39:07-05:00" level=error msg="Error: Error deleting IAM Role (aws-xxxx-xxxx-bootstrap-role): DeleteConflict: Cannot delete entity, must detach all policies first."
time="2020-11-11T01:39:07-05:00" level=error msg="\tstatus code: 409, request id: 2be36c93-a962-94f5-e349-7edab639e403"
time="2020-11-11T01:39:07-05:00" level=error
time="2020-11-11T01:39:07-05:00" level=error
time="2020-11-11T01:39:07-05:00" level=fatal msg="Terraform destroy: failed to destroy using Terraform"

Environment

  • OpenShift Container Platform (OCP) 4.6
  • AWS Installer Provisioned Infrastructure (IPI)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content