Bug in AWS Account Update Process
Resource handler returned message: “You cannot update IAM role name.”
I am testing creating and updating AWS accounts and tweaking role names and email names.
As I was doing this, I created an account and realized I had created the rolename incorrectly. I corrected the rolename and tried to update the account with my CloudFormation stack, and got this error:

This is quite annoying because if you make a mistake you need to be able to update the rolename.
Next, I decide I can live with the rolename but I want to update the email address. When I try to update the email address I get an error saying I can’t update the role name — even though I restored the role to its prior state.
Here’s the other thing. I can’t delete the stack. I can’t roll back the stack. It’s stuck in this eternally messed up state apparently now and I’m trying to figure out how to get out of it.
Even worse — I might have to go through the horrible account deletion process to fix this. I’ve written about that so many times before. I have to somehow log in as the root user, add a credit card, and remove the account. And if I do things out of order, I’ll end up with an account I don’t want in a suspended state in my account and can’t fix this CloudFormation stack for 90 days while I wait for that account to drop off.
I love AWS Organizations in concept. However, AWS should really, thoroughly test all the account creation, deletion, renaming, and suspension functionality to make this more user-friendly.
#awswishlist
Update: Logged in as root and was able to delete the stack. Not sure if that is a coincidence and something was fixed on the back end by AWS.
Teri Radichel | © 2nd Sight Lab 2023
