Comments (8)
The problem is that the AWS API always returns empty tags for aws_iam_user resources (tags must be fetched via a separate API call). Do you see any tags? This will be fixed in my PR #102 that fetches all tags via Terraform.
I'll merge that later today.
from awsweeper.
Hi @showerlee,
- Yes, you want to use #100, which fixes that inline policies are deleted from a user first before deleting the user (otherwise deleting the user fails).
- What you see here are just attachments of policies to the users (the policies themselves are not deleted). The attachments have no tags. Maybe it's confusing to show aws_iam_user_policy_attachment resources and they should be hidden from the printed list of resources (they are not real resources, same as inline policies aka aws_iam_user_policy resources)?
You can use #100 already if you want (tests are green).
from awsweeper.
The install.sh script only works for official releases and I haven't released a new version yet (I will release v0.9.0 tomorrow that includes all the changes).
For now, you can clone the master branch and run go build.
from awsweeper.
Got it, #102 would be a big change.
Looking forward to seeing any magic.
from awsweeper.
I merged the PR and tags are working now. However, I still need to work something out to delete aws_iam_user_policy_attachment resources. If policies are attached, IAM users can currently not be deleted. Fix is coming in #100.
from awsweeper.
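The two constraints discussed in this thread, as an added Go example that is not awsweeper's code: tags are only available from a separate per-user call, and a user cannot be deleted until managed-policy attachments and inline policies are gone. The `fakeIAM` type, its methods, the `owner` tag key and the sample users are hypothetical; the in-memory store stands in for the IAM API so the example runs offline.

```go
package main

import (
	"fmt"
	"sort"
)

// user and fakeIAM are a constructed in-memory stand-in for the IAM API.
type user struct {
	tags             map[string]string
	attached, inline []string // managed policy ARNs, inline policy names
}
type fakeIAM map[string]*user

// listUserTags mimics the separate per-user ListUserTags call.
func (f fakeIAM) listUserTags(n string) map[string]string { return f[n].tags }

// deleteUser mimics DeleteUser, which refuses while any policy remains.
func (f fakeIAM) deleteUser(n string) error {
	if len(f[n].attached)+len(f[n].inline) > 0 {
		return fmt.Errorf("DeleteConflict: %s still has policies", n)
	}
	delete(f, n)
	return nil
}

// sweep deletes users lacking the keepTag key, in dependency order.
func sweep(f fakeIAM, keepTag string) (deleted []string, err error) {
	for n, u := range f {
		if _, keep := f.listUserTags(n)[keepTag]; keep {
			continue // exclusion works only because tags were fetched per user
		}
		u.attached = nil // DetachUserPolicy per ARN; the policy itself remains
		u.inline = nil   // DeleteUserPolicy per inline policy name
		if err = f.deleteUser(n); err != nil {
			return deleted, err
		}
		deleted = append(deleted, n)
	}
	sort.Strings(deleted)
	return deleted, nil
}

func sample() fakeIAM { // constructed sample data
	return fakeIAM{
		"alice": {tags: map[string]string{"owner": "ops"}, attached: []string{"arn:aws:iam::aws:policy/IAMFullAccess"}},
		"bob":   {attached: []string{"arn:aws:iam::aws:policy/AmazonS3FullAccess"}, inline: []string{"scratch"}},
	}
}
func main() { fmt.Println(sweep(sample(), "owner")) }
```
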
Hi @jckuester, based on my scenario, I have two questions:
- For now all my iam users are attached to an Inline policy from group xxx, so is that still the very case needs to fix via coming #100 since I still can filter out all the users with proper owner tag configured after install the latest version.
- I saw awsweeper prints a bunch of AWS managed policies and Customer managed that needs to be deleted in aws_iam_user_policy_attachment
---
Type: aws_iam_user_policy_attachment
Found: 11
Id: arn:aws:iam::xxxxxx:policy/xxx_training_group_accesskey_policy
Id: arn:aws:iam::xxxxxx:policy/xxx_training_group_accesskey_policy
Id: arn:aws:iam::xxxxxx:policy/xxx_training_group_accesskey_policy
Id: arn:aws:iam::aws:policy/AmazonRDSFullAccess
Id: arn:aws:iam::aws:policy/AmazonEC2FullAccess
Id: arn:aws:iam::aws:policy/IAMFullAccess
Id: arn:aws:iam::aws:policy/AmazonS3FullAccess
Id: arn:aws:iam::aws:policy/CloudWatchFullAccess
Id: arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess
Id: arn:aws:iam::xxxxxxx:policy/xxxx_training_group_accesskey_policy
Id: arn:aws:iam::xxxxxxx:policy/xxx_training_group_accesskey_policy
---
I can't see what is the tag in those policies and how to add/delete tag to a current policy. Is that what we expected?
Feel free to let me know what's your thought.
from awsweeper.
Hi @jckuester, thanks for the detailed explanation.
Looks like #100 doesn't take effect.
After I removed old ./bin/awsweeper, .terradozer and reinstalled 0.8.0,
I still filter out all the IAM users with proper tag that shouldn't be removed.
Is there anything else I need to configure for #100?
from awsweeper.
Released in https://github.com/jckuester/awsweeper/releases/tag/v0.9.0
from awsweeper.