From e2945c0e65b777728dc87a054628198a7dab98cd Mon Sep 17 00:00:00 2001
From: Geoffrey Hichborn <166528+phene@users.noreply.github.com>
Date: Wed, 16 Mar 2022 01:59:29 -0700
Subject: [PATCH] IAM Role Removal Does Not Require Removal of Permission Boundary (#961)
IAM Role Removal Does Not Require Removal of Permission Boundary SUMMARY Removes unnecessary removal of permission boundary from a role when deleting a role. Unlike inline policies, permission boundaries do not need to be removed from an IAM role before deleting the IAM role. This behavior causes issues when a permission boundary is inherited that prevents removal of the permission boundary. Fixes #959 ISSUE TYPE Bugfix Pull Request COMPONENT NAME iam_role Reviewed-by: Markus Bergholz Reviewed-by: Mark Chappell This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/e670b3488b6d61f7ca43c5cf70ce61699abef365
---
 plugins/modules/iam_role.py | 2 --
 1 file changed, 2 deletions(-)
diff --git a/plugins/modules/iam_role.py b/plugins/modules/iam_role.py
index 7ca0d8c4fbb..15683e0e060 100644
--- a/plugins/modules/iam_role.py
+++ b/plugins/modules/iam_role.py
@@ -571,10 +571,8 @@ def destroy_role():
 # Before we try to delete the role we need to remove any
 # - attached instance profiles
 # - attached managed policies
- # - permissions boundary
 remove_instance_profiles(role_params, role)
 update_managed_policies(role_params, role, [], True)
- update_role_permissions_boundary(boundary_params, role)
 try:
 if not module.check_mode: