amazon-web-services aws-cloudformation aws-codepipeline aws-codecommit

Unable to delete cfn stack, role is invalid or cannot be assumed


I'm new to AWS CloudFormation; I'm wondering if anybody knows of a way to force delete a stack when it just won't delete. It fails with this error:

Failed to delete stack: Role arn:aws:iam::role/CloudFormationRole-NestedCFN-CodePipeline is invalid or cannot be assumed

This error usually happens when I try to delete a nested child stack instead of starting by deleting the parent stack first. Is there any way to delete the nested stack if I accidentally deleted the parent stack?


Solution

  • I've had this problem a few times. The solution is a bit of a hack. In your case, you need to create a new role named CloudFormationRole-NestedCFN-CodePipeline. When you create this role, you'll likely need to select the CloudFormation service when it asks you to Choose the service that will use this role and then Attach permissions policies. Once the role is created, try to delete the stack again.
    Some of this is a guessing game because you need to choose the correct resource (i.e. AWS service) that is a "trusted entity". Based on your role name, it's either CloudFormation or CodePipeline.

    After you delete the CloudFormation stack, you can delete the IAM role you just created.

    The reason you get this error is because you probably deleted a CloudFormation stack that has an IAM role that's being used by the stack you're trying to delete.

    I wish there was a more elegant solution from AWS but this was my workaround.
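The workaround above can be scripted with boto3 so that the stand-in role is always removed again, even if the stack deletion fails. This is an added example, not code from the answer. The function names and `policy_arn` are assumptions: the caller supplies a policy scoped to the resources the stack still owns, and the trusted service is assumed to be CloudFormation.

```python
import json
import re
import time

# Finds the role ARN in CloudFormation's error text. The account ID may be
# missing, as it is in the message quoted in the question.
ROLE_ARN_RE = re.compile(
    r"arn:aws[\w-]*:iam::(?:(\d{12}):)?role/((?:[\w+=,.@-]+/)*)([\w+=,.@-]+)")

def parse_role(error_text):
    """Extract account, IAM path and role name from the failure message."""
    m = ROLE_ARN_RE.search(error_text)
    if not m:
        raise ValueError("no IAM role ARN in error text")
    account, path, name = m.groups()
    return {"account": account, "path": "/" + path, "name": name}

def trust_policy(service="cloudformation.amazonaws.com"):
    """Trust policy that lets only the named AWS service assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": service},
        "Action": "sts:AssumeRole"}]}

def delete_with_temp_role(stack_name, error_text, policy_arn):
    """Recreate the missing role, delete the stack, then remove the role."""
    import boto3  # imported here so the helpers above work without AWS access
    role = parse_role(error_text)
    iam, cfn = boto3.client("iam"), boto3.client("cloudformation")
    iam.create_role(RoleName=role["name"], Path=role["path"],
                    AssumeRolePolicyDocument=json.dumps(trust_policy()))
    try:
        # policy_arn is supplied by the caller (assumption): keep it as
        # narrow as the resources left in the stack allow.
        iam.attach_role_policy(RoleName=role["name"], PolicyArn=policy_arn)
        time.sleep(15)  # a new IAM role can take a few seconds to be usable
        cfn.delete_stack(StackName=stack_name)
        cfn.get_waiter("stack_delete_complete").wait(StackName=stack_name)
    finally:
        # Never leave the stand-in role behind, whatever happened above.
        try:
            iam.detach_role_policy(RoleName=role["name"], PolicyArn=policy_arn)
        except iam.exceptions.NoSuchEntityException:
            pass  # the attach step never succeeded
        iam.delete_role(RoleName=role["name"])
```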