Chalice: After failing to create IAM role, cannot deploy anymore.

Created on 7 Oct 2017 · 11 Comments · Source: aws/chalice

Hello.

When I executed chalice deploy, I faced an IAM role error.

$ chalice deploy --no-autogen-policy
Creating role: sample-chalice
ERROR - While deploying your chalice application, received the following error:

 An error occurred (MalformedPolicyDocument) when calling the PutRolePolicy
 operation: Syntax errors in policy.

I fixed the syntax error and deployed again.
However, the IAM role had been created incompletely by the last deploy, so the deploy failed with another error.

$ chalice deploy --no-autogen-policy
Updating IAM policy for role: sample-chalice
ERROR - While deploying your chalice application, received the following error:

 An error occurred (NoSuchEntity) when calling the DeleteRolePolicy operation:
 The role policy with name sample-chalice cannot be found.

For the deploy to succeed, I had to delete the incomplete IAM role once with the AWS console or AWS CLI. The chalice delete command was useless in this case.

Is this as you expected?

environment

  • chalice 1.0.3
  • Python 3.6.1
bug

All 11 comments

Thanks for reporting, this is a bug. We'll get this fixed.

I started the app using chalice and got stuck. The steps that I did on an EC2 Ubuntu instance were the following:

ubuntu@ip-172-31-44-209:~$ chalice new-project traindexServiceAPI
ubuntu@ip-172-31-44-209:~$ cd traindexServiceAPI/
ubuntu@ip-172-31-44-209:~/traindexServiceAPI$ chalice deploy
Creating role: traindexServiceAPI-dev
ERROR - While deploying your chalice application, received the following error:

 An error occurred (AccessDenied) when calling the CreateRole operation: User: 
 arn:aws:iam::xxxxx:user/devop is not authorized to perform: 
 iam:CreateRole on resource: arn:aws:iam::xxxxx:role/traindexServiceAPI-
 dev

# After allowing iam:CreateRole from AWS Console. 
ubuntu@ip-172-31-44-209:~/traindexServiceAPI$ chalice deploy
Creating role: traindexServiceAPI-dev
ERROR - While deploying your chalice application, received the following error:

 An error occurred (AccessDenied) when calling the PutRolePolicy operation: 
 User: arn:aws:iam::xxxxx:user/devop is not authorized to perform: 
 iam:PutRolePolicy on resource: role traindexServiceAPI-dev

# After allowing iam:PutRolePolicy from AWS Console. 
ubuntu@ip-172-31-44-209:~/traindexServiceAPI$ chalice deploy

The following actions will be added to the execution policy:

logs:PutLogEvents
logs:CreateLogGroup
logs:CreateLogStream

Would you like to continue?  [Y/n]: Y
Updating IAM policy for role: traindexServiceAPI-dev
ERROR - While deploying your chalice application, received the following error:

 An error occurred (AccessDenied) when calling the DeleteRolePolicy operation: 
 User: arn:aws:iam::xxxxx:user/devop is not authorized to perform: 
 iam:DeleteRolePolicy on resource: role traindexServiceAPI-dev

I am still experiencing the same issue when deploying:

Updating IAM policy for role: <role>
ERROR - While deploying your chalice application, received the following error:

 An error occurred (NoSuchEntity) when calling the DeleteRolePolicy operation: 
 The role policy with name <role> cannot be found.

I don't understand why Chalice is still trying to delete the role on deployment...?

I cannot seem to be able to fix this, since the role doesn't exist in AWS. Therefore I cannot even remove it with the console...

I'm getting the same error using the latest version.

A quick workaround is to manually create the inline policy using the name from the error message.

FWIW I receive the same error as well.

Fixing this error is important to me.

Is there still no fix?

I opened this issue, and I have confirmed that the phenomenon I reported was fixed via #636. Under what situation do you still encounter the same error?

I still see this in chalice 1.1.0, and I can't upgrade to 1.3.0 since it requires an older version of pip.

pkg_resources.DistributionNotFound: The 'pip==9.0.1' distribution was not found and is required by the application

A reminder on the workaround in case anyone else stumbles across this: there should be a role called {your-app-name} with a policy under it called {your-app-name}. If they don't exist, create them. It doesn't matter what the policy does, since chalice will delete it.
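
The failure sequence reported in this thread, replayed as an added example (not Chalice's code, not the change in #636, and not part of any comment above). `FakeIAM` and the two exception classes are constructed in-memory stand-ins for the IAM calls named in the error messages, and `tolerate_missing` is a hypothetical switch showing an update step that accepts a role left without its inline policy.

```python
class NoSuchEntity(Exception):
    """Stand-in for the IAM NoSuchEntity error quoted in the thread."""
class MalformedPolicyDocument(Exception):
    """Stand-in for the IAM MalformedPolicyDocument error quoted in the thread."""

class FakeIAM:
    """Constructed in-memory model of roles and inline policies (not boto3)."""
    def __init__(self):
        self.roles = {}  # role name -> {policy name: policy document}

    def create_role(self, role):
        self.roles[role] = {}

    def put_role_policy(self, role, name, document):
        if not isinstance(document, dict) or "Statement" not in document:
            raise MalformedPolicyDocument("Syntax errors in policy.")
        self.roles[role][name] = document

    def delete_role_policy(self, role, name):
        if name not in self.roles.get(role, {}):
            raise NoSuchEntity(f"The role policy with name {name} cannot be found.")
        del self.roles[role][name]

def deploy(iam, app, document, tolerate_missing):
    """Create the role on first deploy; otherwise replace its inline policy."""
    if app not in iam.roles:
        iam.create_role(app)  # the role exists from here on, even if the next call fails
        iam.put_role_policy(app, app, document)
        return "created"
    try:
        iam.delete_role_policy(app, app)
    except NoSuchEntity:  # role was left without its policy by a failed deploy
        if not tolerate_missing:
            raise  # the behaviour reported in this issue
    iam.put_role_policy(app, app, document)
    return "updated"

def replay(tolerate_missing):
    """Replay the reporter's sequence: malformed policy first, fixed policy second."""
    iam, app = FakeIAM(), "sample-chalice"
    good = {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["logs:PutLogEvents"], "Resource": "arn:aws:logs:*:*:*"}]}
    try:
        deploy(iam, app, "{not a policy", tolerate_missing)
    except MalformedPolicyDocument:
        pass  # first deploy fails after the role was already created
    try:
        return deploy(iam, app, good, tolerate_missing)
    except NoSuchEntity as exc:
        return f"failed: {exc}"
```

`replay(False)` ends in the NoSuchEntity failure from the report, while `replay(True)` completes the update. Pre-creating the inline policy by hand, as the workaround comments describe, also lets the strict path succeed.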
