AWS CloudFormation Stack scenarios with 'ResourceConflict' scenarios When Updating IAM Roles
This might be a silly question, but I'm working with a 'ResourceConflict' behavior when trying to update my AWS CloudFormation stack that includes IAM roles. The stack was initially created with CloudFormation and is configured to grant specific permissions for an AWS Lambda function. However, when I attempt to update the stack to change the policy document of one of the IAM roles, I receive the following behavior:

```
behavior: The IAM role 'my-role-name' want to be modified because it is in use by another resource.
```

I have ensured that there are no other resources depending on this role in the same stack. I've tried deleting and recreating the role directly through the AWS Management Console, but I get a similar behavior message indicating that the resource cannot be deleted because it is still in use.

My CloudFormation template looks like this:

```yaml
Resources:
  MyLambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: 'lambda.amazonaws.com'
            Action: 'sts:AssumeRole'
      Policies:
        - PolicyName: 'MyLambdaPolicy'
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 's3:ListBucket'
                Resource: '*'
  MyLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.handler
      Role: !GetAtt MyLambdaExecutionRole.Arn
      Code:
        ZipFile: |
          def handler(event, context):
              return 'Hello, World!'
      Runtime: python3.8
```

I have made sure that the IAM role is not being used by any other resources outside of the stack. I am using AWS CLI version 2.0.0 to deploy the stack and I have double-checked that the policy document I am trying to apply follows the proper syntax.

Has anyone else faced this scenario? What steps can I take to resolve it without deleting the entire stack?

For context: I'm using YAML on Linux. Is there a simpler solution I'm overlooking?
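A static check for the in-stack dependency question raised in the post, as an added example that is not part of the original question: it walks a template in CloudFormation's JSON form and lists the resources that reference a given logical ID through `Ref`, `Fn::GetAtt`, `Fn::Sub` or `DependsOn`. The function names and the trimmed copy of the template are assumptions made for this example, and it only sees references inside the template, not users of the role elsewhere in the account.

```python
import re

# Constructed sample: the question's template in JSON form, trimmed to the
# properties that can carry references between resources.
TEMPLATE = {"Resources": {
    "MyLambdaExecutionRole": {"Type": "AWS::IAM::Role"},
    "MyLambdaFunction": {
        "Type": "AWS::Lambda::Function",
        "Properties": {"Role": {"Fn::GetAtt": ["MyLambdaExecutionRole", "Arn"]}},
    },
}}

# Matches ${LogicalId} and ${LogicalId.Attr}; skips ${!Literal} and ${AWS::Region}.
SUB_VAR = re.compile(r"\$\{([A-Za-z0-9]+)(?:\.[^}]*)?\}")

def referenced_ids(node):
    """Yield logical IDs named by Ref, Fn::GetAtt, Fn::Sub or DependsOn under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            elif key == "Fn::GetAtt":
                # Accepts both the ["Id", "Attr"] and the "Id.Attr" form.
                yield value[0] if isinstance(value, list) else value.split(".", 1)[0]
            elif key == "Fn::Sub":
                text = value[0] if isinstance(value, list) else value
                yield from SUB_VAR.findall(text)
                if isinstance(value, list):
                    yield from referenced_ids(value[1])
            elif key == "DependsOn":
                yield from ([value] if isinstance(value, str) else value)
            else:
                yield from referenced_ids(value)
    elif isinstance(node, list):
        for item in node:
            yield from referenced_ids(item)

def dependents_of(template, logical_id):
    """Return sorted logical IDs of resources that reference logical_id."""
    resources = template.get("Resources", {})
    return sorted(name for name, body in resources.items()
                  if name != logical_id and logical_id in set(referenced_ids(body)))

if __name__ == "__main__":
    print(dependents_of(TEMPLATE, "MyLambdaExecutionRole"))
```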