How to Remove a CloudWatch Event Rule Using AWS CLI

amazon-cloudwatchaws-cli

I am using terraform destroy to destroy some resource. However it failed at this step:

module.restore_db_from_snapshot.aws_cloudwatch_event_rule.event_rule:
aws_cloudwatch_event_rule.event_rule: AccessDeniedException: User:
arn:aws:sts::941225788888:assumed-role/delete/anthony_credentials is
not authorized to perform: events:DescribeRule on resource:
arn:aws:events:us-east-2:941225788888:rule/dev-crazy_rule
status code: 400, request id: da4284e5-3b00-4a24-9798-fcb6915c94cb

Apparently my profile does not have sufficient right to call events:DescribeRule. However I think my profile still have the permission to drop it.

That's why I want to use aws cli to directly drop the event rule, maybe with the ARN as shown in the error message.

However when I check the cloudwatch subcommandd, it does not have any delete of event rules.

Is it possible for me to drop the event rule via aws cli?

Best Answer

You need to use the events service delete-rule subcommand:

aws events delete-rule --name <rule_name>

You need to also make sure you have deleted any of the event's targets with events remove-targets.

Related Solutions

Causing Access Denied when using the aws cli to download from Amazon S3

I was struggling with this, too, but I found an answer over here https://stackoverflow.com/a/17162973/1750869 that helped resolve this issue for me. Reposting answer below.

You don't have to open permissions to everyone. Use the below Bucket policies on source and destination for copying from a bucket in one account to another using an IAM user

Bucket to Copy from – SourceBucket

Bucket to Copy to – DestinationBucket

Source AWS Account ID - XXXX–XXXX-XXXX

Source IAM User - src–iam-user

The below policy means – the IAM user - XXXX–XXXX-XXXX:src–iam-user has s3:ListBucket and s3:GetObject privileges on SourceBucket/* and s3:ListBucket and s3:PutObject privileges on DestinationBucket/*

On the SourceBucket the policy should be like:

{
"Id": "Policy1357935677554",
"Statement": [
    {
        "Sid": "Stmt1357935647218",
        "Action": [
            "s3:ListBucket"
        ],
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::SourceBucket",
        "Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
    },
    {
        "Sid": "Stmt1357935676138",
        "Action": ["s3:GetObject"],
        "Effect": "Allow",
        "Resource": "arn:aws:s3::: SourceBucket/*",
        "Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
   }
]
}

On the DestinationBucket the policy should be:

{
"Id": "Policy1357935677554",
"Statement": [
    {
        "Sid": "Stmt1357935647218",
        "Action": [
            "s3:ListBucket"
        ],
        "Effect": "Allow",
        "Resource": "arn:aws:s3::: DestinationBucket",
        "Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
    },
    {
        "Sid": "Stmt1357935676138",
        "Action": ["s3:PutObject"],
        "Effect": "Allow",
        "Resource": "arn:aws:s3::: DestinationBucket/*",
        "Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
   }
]
}

command to be run is s3cmd cp s3://SourceBucket/File1 s3://DestinationBucket/File1

AWS RDS CLI: AccessDenied on CreateDBSnapshot

It is indeed strange, but it appears that the CreateDBSnapshot permission also has to be assigned to the destination snapshot.

This policy works:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmtxxxxxxxxxxxxxx",
            "Effect": "Allow",
            "Action": [
                "rds:CreateDBSnapshot"
            ],
            "Resource": [
                "arn:aws:rds:eu-west-1:xxxxxxxxxxxxxx:db:my-database",
                "arn:aws:rds:eu-west-1:xxxxxxxxxxxxxx:snapshot:*"
            ]
        }
    ]
}

Best Answer

Related Solutions

Causing Access Denied when using the aws cli to download from Amazon S3

AWS RDS CLI: AccessDenied on CreateDBSnapshot

Related Topic