I noticed that we’re unable to delete RDS subnet groups, even though they are not associated with any databases.
Is this while using the AWS playground, or is this from a lab? If it’s from a lab, a link would be helpful please.
Yes, Rob, this is while using the AWS playground.
Can you perhaps describe a step-by-step procedure to trigger your bug? Since it’s not a lab, it might not surface unless you do some particular set of steps. This will help the lab team figure out what the missing permission is, although your graphic gives a good hint.
Sure! Here are the exact steps to reproduce the issue.
I noticed this problem while trying to destroy some resources using Terraform.
Recreate the issue step by step:
- Open a new AWS playground
- Once in the AWS console, go to the RDS service
- Click on subnet groups
- Create a subnet group (I was using a VPC and subnets I had created, not the default one)
- Once it’s created, try to delete it by clicking action → delete.
- It fails because the user doesn’t have permission to delete subnet groups. (It doesn’t make sense, since it allows me to create them.)
Looks like for some reason, we don’t typically implement delete permissions on resources for AWS. I’m not really certain what the rationale is, since I don’t see potential here for abuse, which would be the most common justification for policies on the playground. Thanks, however, for your step-by-step, which I will pass on to that team.
