I have created an IAM policy and attached it to a user group with the same name in AWS accounts under an organisation, using CloudFormation in each account individually.

Now I want to delete the IAM policy in every AWS account, but I hope to do it efficiently. I could not simply delete the StackSet, as I wasn't using a StackSet on day 1. Also, CloudFormation could only create and edit resources, and I couldn't remove the IAM policy by running a StackSet.

Is there any suggestion please?

I tried to create a StackSet to remove the resources, but it seems it is only capable of creating and editing resources. I was expecting the IAM policy to be deleted efficiently in the AWS accounts under the organisation.

Kin.Yip
  • If the policy was deployed by a CloudFormation stack, then editing the stack template and updating the stack should roll out the change (and therefore delete the policy). But if you are saying that the policies were not originally created by a stack, then this method won't work. You will need to go through each account and edit the policies (introducing even _further_ stack drift!). You could automate this process via API calls, but you'd still need to write the appropriate code. – John Rotenstein Apr 19 '23 at 03:06
  • Hi John, thanks for your suggestion. But if I have 20 accounts, it means I need to update the stack template 20 times, and that seems inefficient to me. Should I consider writing code to automate this process to avoid doing it manually 20 times? – Kin.Yip Apr 19 '23 at 03:51
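
The comments above suggest automating the clean-up with API calls rather than updating 20 stacks by hand. The script below is an added example, not code from the question or its comments: it iterates over the active member accounts of an AWS Organization, assumes a role in each one, detaches the customer-managed policy from every group, user or role it is attached to, deletes any non-default policy versions (IAM refuses to delete a policy while either remains), and finally deletes the policy. The policy name `ExamplePolicy`, the role name `OrganizationAccountAccessRole`, and the assumption that the script runs with credentials from the management account are all assumptions; adjust them to your environment. It runs in dry-run mode by default and only changes anything when started with `--apply`.

```python
"""Delete a customer-managed IAM policy from every account in an AWS Organization.

Added example (not from the question). Assumptions: boto3 is installed, the
script runs with management-account credentials, and each member account has a
role named ROLE_NAME that the management account may assume.
"""
import sys

POLICY_NAME = "ExamplePolicy"                 # assumed policy name
ROLE_NAME = "OrganizationAccountAccessRole"   # assumed cross-account role name


def policy_arn(account_id, policy_name):
    """Customer-managed policies live under the account's own ARN namespace."""
    return f"arn:aws:iam::{account_id}:policy/{policy_name}"


def list_member_accounts(org_client):
    """Return the IDs of all ACTIVE accounts in the organization (paginated)."""
    paginator = org_client.get_paginator("list_accounts")
    return [acct["Id"]
            for page in paginator.paginate()
            for acct in page["Accounts"]
            if acct["Status"] == "ACTIVE"]


def assume_role_session(sts_client, account_id, role_name):
    """Build a boto3 Session using temporary credentials for a member account."""
    import boto3  # imported here so the pure logic below is usable without boto3
    creds = sts_client.assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{role_name}",
        RoleSessionName="iam-policy-cleanup",
    )["Credentials"]
    return boto3.Session(
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )


def remove_policy(iam_client, account_id, policy_name, dry_run=True):
    """Detach, strip old versions, delete. Returns the list of actions planned/taken.

    DeletePolicy fails while the policy is attached to any entity or has
    non-default versions, so those are removed first.
    """
    arn = policy_arn(account_id, policy_name)
    actions = []
    try:
        iam_client.get_policy(PolicyArn=arn)
    except iam_client.exceptions.NoSuchEntityException:
        return actions  # policy never existed (or already gone) in this account

    entities = iam_client.list_entities_for_policy(PolicyArn=arn)
    for group in entities.get("PolicyGroups", []):
        actions.append(("detach_group_policy", group["GroupName"]))
        if not dry_run:
            iam_client.detach_group_policy(GroupName=group["GroupName"], PolicyArn=arn)
    for user in entities.get("PolicyUsers", []):
        actions.append(("detach_user_policy", user["UserName"]))
        if not dry_run:
            iam_client.detach_user_policy(UserName=user["UserName"], PolicyArn=arn)
    for role in entities.get("PolicyRoles", []):
        actions.append(("detach_role_policy", role["RoleName"]))
        if not dry_run:
            iam_client.detach_role_policy(RoleName=role["RoleName"], PolicyArn=arn)

    for version in iam_client.list_policy_versions(PolicyArn=arn)["Versions"]:
        if not version["IsDefaultVersion"]:
            actions.append(("delete_policy_version", version["VersionId"]))
            if not dry_run:
                iam_client.delete_policy_version(PolicyArn=arn, VersionId=version["VersionId"])

    actions.append(("delete_policy", arn))
    if not dry_run:
        iam_client.delete_policy(PolicyArn=arn)
    return actions


def main(policy_name=POLICY_NAME, role_name=ROLE_NAME, dry_run=True):
    import boto3
    session = boto3.Session()
    org = session.client("organizations")
    sts = session.client("sts")
    management_account = sts.get_caller_identity()["Account"]
    for account_id in list_member_accounts(org):
        if account_id == management_account:
            iam = session.client("iam")          # no role hop needed at home
        else:
            iam = assume_role_session(sts, account_id, role_name).client("iam")
        for action in remove_policy(iam, account_id, policy_name, dry_run):
            print(account_id, "DRY-RUN" if dry_run else "DONE", *action)


if __name__ == "__main__":
    main(dry_run="--apply" not in sys.argv)
```

Run it once without arguments to see the per-account plan, check that only the expected group (and nothing else) is listed as attached, then rerun with `--apply`. Because the policies were created by per-account CloudFormation stacks, deleting them out of band leaves those stacks drifted, as John notes; removing the policy resource from each stack template, or deleting the now-empty stacks, keeps CloudFormation's view consistent. `list_entities_for_policy` is called unpaginated here, which is fine for a policy attached to a handful of entities; use its paginator if a policy is attached to more than 100.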

0 Answers