Delete a AWS IAM user via IAMbic fails when user has access keys #472

Open
smoy opened this issue Jun 23, 2023 · 3 comments
Assignees
Labels
bug Something isn't working

Comments

@smoy
Contributor

smoy commented Jun 23, 2023

Describe the bug
Delete an AWS IAM user via IAMbic fails when user has access keys

To Reproduce
Steps to reproduce the behavior:

  1. Create an AWS IAM user with active access keys
  2. Change the IAM user template, deleted: true
  3. iambic apply
  4. See error

Expected behavior
The targeted IAM user should be deleted successfully.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: [e.g. iOS]
  • Browser [e.g. chrome, safari]
  • v 0.9.8

Additional context
The AWS IAM control plane refuses to delete the IAM user if it has an access key. So the delete action needs to be multi-part: first remove the access keys, then delete the user.

In addition, the IAMbic tool should surface this type of apply error. Currently, it's difficult to pinpoint it without a CloudTrail investigation.

Community Engagement
Your vote counts! Please support this bug report by adding a 👍 reaction to the original issue, which will aid the community and maintainers in addressing this problem.

Please refrain from adding "+1" or "me too" comments, as these create unnecessary noise for issue followers and do not help in prioritizing the issue. If you wish to contribute to solving this issue or have submitted a pull request, please leave a comment.
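
The two-part delete and the error surfacing requested under "Additional context", as an added example that is not part of the original issue and is not IAMbic's own code. `delete_user_with_keys`, `naive_delete` and `api_error` are hypothetical helpers that take any boto3-style IAM client; `FakeIAM`, `FakeApiError`, the message text and the key id are constructed so the block runs offline.

```python
class FakeApiError(Exception):
    """Constructed stand-in for botocore's ClientError (same .response shape)."""
    def __init__(self, code, message):
        super().__init__(message)
        self.response = {"Error": {"Code": code, "Message": message}}

class FakeIAM:
    """Constructed in-memory stub: refuses DeleteUser while access keys remain."""
    def __init__(self, users):
        self.users = {name: list(keys) for name, keys in users.items()}
    def list_access_keys(self, UserName):
        keys = [{"AccessKeyId": k} for k in self.users[UserName]]
        return {"AccessKeyMetadata": keys, "IsTruncated": False}
    def delete_access_key(self, UserName, AccessKeyId):
        self.users[UserName].remove(AccessKeyId)
    def delete_user(self, UserName):
        if self.users[UserName]:  # constructed message text
            raise FakeApiError("DeleteConflict", "must delete access keys first")
        del self.users[UserName]

def api_error(exc):
    """Render the service error code and message, not just 'error encountered'."""
    err = getattr(exc, "response", {}).get("Error", {})
    return f"{err.get('Code', type(exc).__name__)}: {err.get('Message', exc)}"

def naive_delete(iam, user_name):
    """Single DeleteUser call; returns the surfaced error text, or None on success."""
    try:
        iam.delete_user(UserName=user_name)
    except Exception as exc:
        return api_error(exc)
    return None

def delete_user_with_keys(iam, user_name):
    """Remove every access key, then the user; returns the removed key ids."""
    kwargs, key_ids = {"UserName": user_name}, []
    while True:  # follow Marker pagination as the real ListAccessKeys API does
        page = iam.list_access_keys(**kwargs)
        key_ids += [m["AccessKeyId"] for m in page["AccessKeyMetadata"]]
        if not page.get("IsTruncated"):
            break
        kwargs["Marker"] = page["Marker"]
    for key_id in key_ids:
        iam.delete_access_key(UserName=user_name, AccessKeyId=key_id)
    iam.delete_user(UserName=user_name)
    return key_ids

if __name__ == "__main__":
    iam = FakeIAM({"myuser": ["AKIAEXAMPLEKEY000001"]})  # constructed key id
    print(naive_delete(iam, "myuser"), delete_user_with_keys(iam, "myuser"))
```

With boto3 installed, the same functions accept `boto3.client("iam")`; the stub models only the access-key conflict reported in this issue.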

@smoy smoy added the bug Something isn't working label Jun 23, 2023
@smoy smoy changed the title Delete a AWS IAM user via IAMbic fails when use has access keys Delete a AWS IAM user via IAMbic fails when user has access keys Jun 23, 2023
@datfinesoul
Contributor

datfinesoul commented Jun 24, 2023

In regards to 4, in the steps to reproduce, the error message was not clear that this was happening.

Proceed? [y/N]: y
2023/06/21 06:16:15 [info     ] Applying changes to resource.  
  accounts=[
    "management - (000000000000)"
  ] 
  resource_id=myuser 
  resource_type=aws:iam:user
2023/06/21 06:16:17 [error    ] Error encountered when removing resource changes. 
  accounts=[
    "management - (000000000000)"
  ] 
  resource_id=myuser 
  resource_type=aws:iam:user
2023/06/21 06:16:17 [info     ] Finished applying changes.

Finding this was only possible when digging into the CloudTrail DeleteUser event.

@2bytechef
Contributor

I can take a crack at this bug if you wouldn't mind assigning it to me

@smoy smoy assigned smoy and 2bytechef and unassigned smoy Aug 4, 2023
@smoy
Contributor Author

smoy commented Aug 29, 2023

@Wilhite-r I haven't seen any movement in this issue. Would you mind if I assign this to another developer?


3 participants