Attempting a ‘serverless remove’ on a deployed error, I got this unexpected error I haven’t seen before:
An error occurred: xyzRole - Cannot delete entity, must detach all policies first.
A quick Google found an issue with the same error and an explanation. There is another policy attached to this Lambda that was not added via the serverless.yml for this stack, so CloudFormation is refusing to delete it. This answer describes exactly what I had done to add the new policy:
I also had added XRay to this Lambda via the Console, and this added an additional managed policy to enable Xray. Checking the IAM Role, here’s the XRay related policy that was added:
I deleted the XRay policy, but at this point serverless has already removed most of the stack but left the IAM role in place, but won’t delete the stack itself, so a manual delete from the Console completed the cleanup.