From 516e05f6eff2b7cd0dcc99f8c939a882cd0ea71c Mon Sep 17 00:00:00 2001 From: Norm Johanson Date: Wed, 4 Feb 2026 15:22:04 -0800 Subject: [PATCH 1/4] Fix integ tests to make sure IAM role is cleaned up after test run --- .../BaseCustomRuntimeTest.cs | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs b/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs index 44286d8bd..1f636244a 100644 --- a/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs +++ b/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs @@ -79,6 +79,22 @@ protected async Task CleanUpTestResources(AmazonS3Client s3Client, AmazonLambdaC if (!roleAlreadyExisted) { + // Detach managed policies + var listAttachedPoliciesRequest = new ListAttachedRolePoliciesRequest + { + RoleName = ExecutionRoleName + }; + var attachedPolicies = await iamClient.ListAttachedRolePoliciesAsync(listAttachedPoliciesRequest); + + foreach (var policy in attachedPolicies.AttachedPolicies) + { + await iamClient.DetachRolePolicyAsync(new DetachRolePolicyRequest + { + RoleName = ExecutionRoleName, + PolicyArn = policy.PolicyArn + }); + } + try { var deleteRoleRequest = new DeleteRoleRequest From b0bbe105d4bb55a05d57e063b64ec3e87b5a7f9d Mon Sep 17 00:00:00 2001 From: Norm Johanson Date: Wed, 4 Feb 2026 16:17:27 -0800 Subject: [PATCH 2/4] Apply suggestion from @Copilot Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../BaseCustomRuntimeTest.cs | 27 ++++++++++++------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs b/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs index 1f636244a..49197645d 100644 --- a/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs +++ b/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs @@ -80,19 +80,26 @@ protected async Task CleanUpTestResources(AmazonS3Client s3Client, AmazonLambdaC if (!roleAlreadyExisted) { // Detach managed policies - var listAttachedPoliciesRequest = new ListAttachedRolePoliciesRequest + try { - RoleName = ExecutionRoleName - }; - var attachedPolicies = await iamClient.ListAttachedRolePoliciesAsync(listAttachedPoliciesRequest); + var listAttachedPoliciesRequest = new ListAttachedRolePoliciesRequest + { + RoleName = ExecutionRoleName + }; + var attachedPolicies = await iamClient.ListAttachedRolePoliciesAsync(listAttachedPoliciesRequest); - foreach (var policy in attachedPolicies.AttachedPolicies) - { - await iamClient.DetachRolePolicyAsync(new DetachRolePolicyRequest + foreach (var policy in attachedPolicies.AttachedPolicies) { - RoleName = ExecutionRoleName, - PolicyArn = policy.PolicyArn - }); + await iamClient.DetachRolePolicyAsync(new DetachRolePolicyRequest + { + RoleName = ExecutionRoleName, + PolicyArn = policy.PolicyArn + }); + } + } + catch (Exception) + { + // no problem - it's best effort } try From cf5491cb684cc7fe729c5156da0fd47f44fb6144 Mon Sep 17 00:00:00 2001 From: Norm Johanson Date: Wed, 4 Feb 2026 16:18:21 -0800 Subject: [PATCH 3/4] Simplify role deletion logic in BaseCustomRuntimeTest Removed unnecessary exception handling for role deletion. --- .../BaseCustomRuntimeTest.cs | 7 ------- 1 file changed, 7 deletions(-) diff --git a/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs b/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs index 49197645d..7e37ebe9e 100644 --- a/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs +++ b/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs @@ -96,14 +96,7 @@ await iamClient.DetachRolePolicyAsync(new DetachRolePolicyRequest PolicyArn = policy.PolicyArn }); } - } - catch (Exception) - { - // no problem - it's best effort - } - try - { var deleteRoleRequest = new DeleteRoleRequest { RoleName = ExecutionRoleName From 49ad8df5cfd4df6ce19a0826723a1f5ae72935ec Mon Sep 17 00:00:00 2001 From: Norm Johanson Date: Wed, 4 Feb 2026 16:18:53 -0800 Subject: [PATCH 4/4] Remove comment on detaching managed policies Removed comment about detaching managed policies. --- .../BaseCustomRuntimeTest.cs | 1 - 1 file changed, 1 deletion(-) diff --git a/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs b/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs index 7e37ebe9e..c220a671e 100644 --- a/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs +++ b/Libraries/test/Amazon.Lambda.RuntimeSupport.Tests/Amazon.Lambda.RuntimeSupport.IntegrationTests/BaseCustomRuntimeTest.cs @@ -79,7 +79,6 @@ protected async Task CleanUpTestResources(AmazonS3Client s3Client, AmazonLambdaC if (!roleAlreadyExisted) { - // Detach managed policies try { var listAttachedPoliciesRequest = new ListAttachedRolePoliciesRequest