From cddac92757eb41a2069ba6fc02267cbf622e31a4 Mon Sep 17 00:00:00 2001
From: mark kelly
Date: Fri, 23 Nov 2018 13:33:02 +0000
Subject: [PATCH] Destroying cluster causes some issues with removing policies (#196)

* Destroying cluster causes some issues with removing policies use the force detach https://www.terraform.io/docs/providers/aws/r/iam_role.html#force_detach_policies
* Destroying cluster causes some issues with removing policies
* formatting
* Destroying cluster causes some issues with removing policies
* CHANGELOG
---
 CHANGELOG.md | 1 +
 cluster.tf | 5 +++--
 workers.tf | 5 +++--
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b554eb8..e61ba6f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 
 - `suspended_processes` to `worker_groups` input (by @bkmeneguello)
 - `target_group_arns` to `worker_groups` input (by @zihaoyu)
+- `force_detach_policies` to `aws_iam_role` `cluster` and `workers` (by @marky-mark)
 
 ### Changed
 
diff --git a/cluster.tf b/cluster.tf
index 94c06ec..fa5ca28 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -50,8 +50,9 @@ resource "aws_security_group_rule" "cluster_https_worker_ingress" {
 }
 
 resource "aws_iam_role" "cluster" {
- name_prefix = "${var.cluster_name}"
- assume_role_policy = "${data.aws_iam_policy_document.cluster_assume_role_policy.json}"
+ name_prefix = "${var.cluster_name}"
+ assume_role_policy = "${data.aws_iam_policy_document.cluster_assume_role_policy.json}"
+ force_detach_policies = true
 }
 
 resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSClusterPolicy" {
diff --git a/workers.tf b/workers.tf
index c4837e0..73fd746 100644
--- a/workers.tf
+++ b/workers.tf
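Review bot: `force_detach_policies = true` is hard-coded on `aws_iam_role.cluster` (and again on `aws_iam_role.workers` in the workers.tf hunk) with no comment saying what it covers. As the linked provider documentation describes the option, it detaches every policy on the role before the role is deleted, which would include policies attached outside this module, so a destroy (and presumably any change that forces the role to be replaced) drops those attachments where it previously failed. I would put a line above each setting such as `# detach policies attached outside this module so the role can be deleted on destroy`, and note in the README that externally attached policies are removed with the role. Both resource blocks are fully visible in their hunks.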
@@ -105,8 +105,9 @@ resource "aws_security_group_rule" "workers_ingress_cluster_https" {
 }
 
 resource "aws_iam_role" "workers" {
- name_prefix = "${aws_eks_cluster.this.name}"
- assume_role_policy = "${data.aws_iam_policy_document.workers_assume_role_policy.json}"
+ name_prefix = "${aws_eks_cluster.this.name}"
+ assume_role_policy = "${data.aws_iam_policy_document.workers_assume_role_policy.json}"
+ force_detach_policies = true
 }
 
 resource "aws_iam_instance_profile" "workers" {