Resolve the "Role <role arn> is invalid or cannot be assumed" error when I update or delete an AWS CloudFormation stack
Error
This error is raised when the stack was created with a service role and that role has since been deleted:
An error occurred (ValidationError) when calling the DeleteStack operation: Role arn:aws:iam::<ACCOUNT>:role/<ROLE_NAME> is invalid or cannot be assumed
Resolution
Create a new role with permissions to delete the stack's resources, and pass it to the delete operation so that it overrides the stack's current (deleted) role.
Create role
aws iam create-role --role-name RemoveCFN --assume-role-policy-document '{ "Version": "2012-10-17", "Statement": [ { "Sid": "CFN", "Effect": "Allow", "Principal": { "Service": "cloudformation.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }'
aws iam attach-role-policy --role-name RemoveCFN --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
Remove stack using the role
aws cloudformation delete-stack --stack-name <StackNAME> --role-arn arn:aws:iam::`aws sts get-caller-identity --query Account --output text`:role/RemoveCFN
Remove role
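This step is optional, but until it is done the account keeps a role with AdministratorAccess that CloudFormation can assume. Run it only after the stack deletion has finished, because delete-stack returns before the deletion completes and CloudFormation needs the role until then.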
aws iam detach-role-policy --role-name RemoveCFN --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
aws iam delete-role --role-name RemoveCFN
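An added example, not part of the original page: a Python check that takes the JSON output of `aws cloudformation describe-stacks` and `aws iam list-roles` and reports stacks whose service role no longer exists (the cause of this error) and unused AdministratorAccess roles that CloudFormation can assume, such as a RemoveCFN role left in place. The account ID, the stack and role names other than RemoveCFN, and the `attached` mapping (role name to attached managed policy ARNs) are constructed assumptions.

```python
import json

ADMIN = "arn:aws:iam::aws:policy/AdministratorAccess"
CFN = "cloudformation.amazonaws.com"

def trusts_cfn(role):
    """True if the role's trust policy lets CloudFormation assume it."""
    stmts = role.get("AssumeRolePolicyDocument", {}).get("Statement", [])
    for st in [stmts] if isinstance(stmts, dict) else stmts:
        principal = st.get("Principal")
        svc = principal.get("Service", []) if isinstance(principal, dict) else []
        if st.get("Effect") == "Allow" and CFN in ([svc] if isinstance(svc, str) else svc):
            return True
    return False

def audit(stacks, roles, attached):
    """stacks: `aws cloudformation describe-stacks` output; roles: `aws iam list-roles`
    output; attached: {role name: [managed policy ARNs]} (assumed helper input)."""
    by_arn = {r["Arn"]: r for r in roles["Roles"]}
    used = {s["RoleARN"] for s in stacks["Stacks"] if s.get("RoleARN")}
    # Stacks whose update/delete will fail with "is invalid or cannot be assumed".
    dangling = sorted((s["StackName"], s["RoleARN"]) for s in stacks["Stacks"]
                      if s.get("RoleARN") and s["RoleARN"] not in by_arn)
    # Admin roles CloudFormation can assume that no stack uses (e.g. a leftover RemoveCFN).
    leftover = sorted(a for a, r in by_arn.items() if a not in used and trusts_cfn(r)
                      and ADMIN in attached.get(r["RoleName"], []))
    return dangling, leftover

# Constructed sample data (account ID and names are placeholders).
def _role(name, service):
    return {"RoleName": name, "Arn": f"arn:aws:iam::111122223333:role/{name}",
            "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
                {"Effect": "Allow", "Principal": {"Service": service},
                 "Action": "sts:AssumeRole"}]}}

SAMPLE_STACKS = {"Stacks": [
    {"StackName": "legacy-app", "RoleARN": "arn:aws:iam::111122223333:role/OldDeploy"},
    {"StackName": "web", "RoleARN": "arn:aws:iam::111122223333:role/Deploy"},
    {"StackName": "no-service-role"}]}
SAMPLE_ROLES = {"Roles": [_role("Deploy", CFN), _role("RemoveCFN", CFN),
                          _role("AppServer", "ec2.amazonaws.com")]}
SAMPLE_ATTACHED = {"Deploy": [ADMIN], "RemoveCFN": [ADMIN], "AppServer": []}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_STACKS, SAMPLE_ROLES, SAMPLE_ATTACHED), indent=2))
```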
Daniel Simao 12:19, 27 March 2023 (EDT)