Merge pull request #5650 from hashicorp/backport/moduli-force-detach-poilcy/positively-smashing-crab

This pull request was automerged via backport-assistant

enos/modules/aws_boundary/iam.tf

@@ -32,8 +32,9 @@ data "aws_iam_policy_document" "boundary_profile" {
 }
 
 resource "aws_iam_role" "boundary_instance_role" {
-  name               = "boundary_instance_role-${random_string.cluster_id.result}"
-  assume_role_policy = data.aws_iam_policy_document.boundary_instance_role.json
+  name                  = "boundary_instance_role-${random_string.cluster_id.result}"
+  assume_role_policy    = data.aws_iam_policy_document.boundary_instance_role.json
+  force_detach_policies = true
 }
 
 resource "aws_iam_instance_profile" "boundary_profile" {

enos/modules/aws_vault/iam.tf

@@ -36,9 +36,10 @@ data "aws_iam_policy_document" "vault_profile" {
 }
 
 resource "aws_iam_role" "vault_instance_role" {
-  count              = var.deploy ? 1 : 0
-  name               = "vault_instance_role-${random_string.cluster_id.result}"
-  assume_role_policy = data.aws_iam_policy_document.vault_instance_role.json
+  count                 = var.deploy ? 1 : 0
+  name                  = "vault_instance_role-${random_string.cluster_id.result}"
+  assume_role_policy    = data.aws_iam_policy_document.vault_instance_role.json
+  force_detach_policies = true
 }
 
 resource "aws_iam_instance_profile" "vault_profile" {

enos/modules/aws_worker/iam.tf

@@ -58,8 +58,9 @@ data "aws_iam_policy_document" "combined_policy_document" {
 }
 
 resource "aws_iam_role" "boundary_instance_role" {
-  name               = "boundary_instance_role-${random_string.cluster_id.result}"
-  assume_role_policy = data.aws_iam_policy_document.boundary_instance_role.json
+  name                  = "boundary_instance_role-${random_string.cluster_id.result}"
+  assume_role_policy    = data.aws_iam_policy_document.boundary_instance_role.json
+  force_detach_policies = true
 }
 
 resource "aws_iam_instance_profile" "boundary_profile" {