From 49082cc37d3b36cd44dce8bd2606cb753651b088 Mon Sep 17 00:00:00 2001
From: Michael Li <michael.li@hashicorp.com>
Date: Mon, 14 Apr 2025 22:26:17 +0000
Subject: [PATCH] backport of commit 5fb68d4f86a9c201c104215ed3143ec09e1c513e

---
 enos/modules/aws_boundary/iam.tf | 5 +++--
 enos/modules/aws_vault/iam.tf    | 7 ++++---
 enos/modules/aws_worker/iam.tf   | 5 +++--
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/enos/modules/aws_boundary/iam.tf b/enos/modules/aws_boundary/iam.tf
index 3c6aea894d..46f3c831e0 100644
--- a/enos/modules/aws_boundary/iam.tf
+++ b/enos/modules/aws_boundary/iam.tf
@@ -32,8 +32,9 @@ data "aws_iam_policy_document" "boundary_profile" {
 }
 
 resource "aws_iam_role" "boundary_instance_role" {
-  name               = "boundary_instance_role-${random_string.cluster_id.result}"
-  assume_role_policy = data.aws_iam_policy_document.boundary_instance_role.json
+  name                  = "boundary_instance_role-${random_string.cluster_id.result}"
+  assume_role_policy    = data.aws_iam_policy_document.boundary_instance_role.json
+  force_detach_policies = true
 }
 
 resource "aws_iam_instance_profile" "boundary_profile" {
diff --git a/enos/modules/aws_vault/iam.tf b/enos/modules/aws_vault/iam.tf
index 32dc26112c..2426490cd0 100644
--- a/enos/modules/aws_vault/iam.tf
+++ b/enos/modules/aws_vault/iam.tf
@@ -36,9 +36,10 @@ data "aws_iam_policy_document" "vault_profile" {
 }
 
 resource "aws_iam_role" "vault_instance_role" {
-  count              = var.deploy ? 1 : 0
-  name               = "vault_instance_role-${random_string.cluster_id.result}"
-  assume_role_policy = data.aws_iam_policy_document.vault_instance_role.json
+  count                 = var.deploy ? 1 : 0
+  name                  = "vault_instance_role-${random_string.cluster_id.result}"
+  assume_role_policy    = data.aws_iam_policy_document.vault_instance_role.json
+  force_detach_policies = true
 }
 
 resource "aws_iam_instance_profile" "vault_profile" {
diff --git a/enos/modules/aws_worker/iam.tf b/enos/modules/aws_worker/iam.tf
index 6bddbcd2c4..2ed467d124 100644
--- a/enos/modules/aws_worker/iam.tf
+++ b/enos/modules/aws_worker/iam.tf
@@ -58,8 +58,9 @@ data "aws_iam_policy_document" "combined_policy_document" {
 }
 
 resource "aws_iam_role" "boundary_instance_role" {
-  name               = "boundary_instance_role-${random_string.cluster_id.result}"
-  assume_role_policy = data.aws_iam_policy_document.boundary_instance_role.json
+  name                  = "boundary_instance_role-${random_string.cluster_id.result}"
+  assume_role_policy    = data.aws_iam_policy_document.boundary_instance_role.json
+  force_detach_policies = true
 }
 
 resource "aws_iam_instance_profile" "boundary_profile" {