Handling of dependencies between IAM roles and policies

[gposton]

The eventual consistency of AWS sometimes has negative impact on terraform destroys. Not sure how to get around it, but I sometimes run into this error:

aws_iam_role_policy.policy: Destroying...
aws_iam_role_policy.policy: Destruction complete
aws_instance.ope-primary: Destruction complete
aws_iam_instance_profile.profile: Destroying...
aws_security_group.ope: Destroying...
aws_iam_instance_profile.profile: Destruction complete
aws_iam_role.role: Destroying...
aws_iam_role.role: Error: 1 error(s) occurred:

* Error deleting IAM Role ope-sre: DeleteConflict: Cannot delete entity, must delete policies first.
status code: 409, request id: [32735d90-5899-11e5-876f-17ed4fb647d7]
aws_security_group.ope: Destruction complete
terraform_remote_state.vpc: Destroying...
terraform_remote_state.vpc: Destruction complete
Error applying plan:

1 error(s) occurred:

* Error deleting IAM Role ope-sre: DeleteConflict: Cannot delete entity, must delete policies first.
status code: 409, request id: [32735d90-5899-11e5-876f-17ed4fb647d7]

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.