Destroying cluster causes some issues with removing policies (#196)

marky-mark · max-rocket-internet · commit cddac92757eb · 2018-11-23T14:33:02.000+01:00
* Destroying cluster causes some issues with removing policies use the force detach https://www.terraform.io/docs/providers/aws/r/iam_role.html#force_detach_policies * Destroying cluster causes some issues with removing policies * formatting * Destroying cluster causes some issues with removing policies * CHANGELOG
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 
 - `suspended_processes` to `worker_groups` input (by @bkmeneguello)
 - `target_group_arns` to `worker_groups` input (by @zihaoyu)
+- `force_detach_policies` to `aws_iam_role` `cluster` and `workers` (by @marky-mark)
 
 ### Changed
 
diff --git a/cluster.tf b/cluster.tf
@@ -50,8 +50,9 @@ resource "aws_security_group_rule" "cluster_https_worker_ingress" {
 }
 
 resource "aws_iam_role" "cluster" {
-  name_prefix        = "${var.cluster_name}"
-  assume_role_policy = "${data.aws_iam_policy_document.cluster_assume_role_policy.json}"
+  name_prefix           = "${var.cluster_name}"
+  assume_role_policy    = "${data.aws_iam_policy_document.cluster_assume_role_policy.json}"
+  force_detach_policies = true
 }
 
 resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSClusterPolicy" {
diff --git a/workers.tf b/workers.tf
@@ -105,8 +105,9 @@ resource "aws_security_group_rule" "workers_ingress_cluster_https" {
 }
 
 resource "aws_iam_role" "workers" {
-  name_prefix        = "${aws_eks_cluster.this.name}"
-  assume_role_policy = "${data.aws_iam_policy_document.workers_assume_role_policy.json}"
+  name_prefix           = "${aws_eks_cluster.this.name}"
+  assume_role_policy    = "${data.aws_iam_policy_document.workers_assume_role_policy.json}"
+  force_detach_policies = true
 }
 
 resource "aws_iam_instance_profile" "workers" {

Original file line number	Diff line number	Diff line change
`@@ -50,8 +50,9 @@ resource "aws_security_group_rule" "cluster_https_worker_ingress" {`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`resource "aws_iam_role" "cluster" {`
`53`		`- name_prefix = "${var.cluster_name}"`
`54`		`- assume_role_policy = "${data.aws_iam_policy_document.cluster_assume_role_policy.json}"`
	`53`	`+ name_prefix = "${var.cluster_name}"`
	`54`	`+ assume_role_policy = "${data.aws_iam_policy_document.cluster_assume_role_policy.json}"`
	`55`	`+ force_detach_policies = true`
`55`	`56`	`}`
`56`	`57`
`57`	`58`	`resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSClusterPolicy" {`
Original file line number	Diff line number	Diff line change
`@@ -105,8 +105,9 @@ resource "aws_security_group_rule" "workers_ingress_cluster_https" {`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	`resource "aws_iam_role" "workers" {`
`108`		`- name_prefix = "${aws_eks_cluster.this.name}"`
`109`		`- assume_role_policy = "${data.aws_iam_policy_document.workers_assume_role_policy.json}"`
	`108`	`+ name_prefix = "${aws_eks_cluster.this.name}"`
	`109`	`+ assume_role_policy = "${data.aws_iam_policy_document.workers_assume_role_policy.json}"`
	`110`	`+ force_detach_policies = true`
`110`	`111`	`}`
`111`	`112`
`112`	`113`	`resource "aws_iam_instance_profile" "workers" {`