resource/aws_iam_user: Delete a user's virtual MFA devices when force_destroy is enabled

[eytanhanig]

Fully removing a virtual MFA device requires first deactivating then deleting it. Currently the resource aws_am_user with force_destroy = true implements only the deactivation step and results in dissociated virtual MFA devices being left behind. This can cause issues should a future user - likely one with the same name as the deleted user - attempt to enable virtual MFA with the same path.

This PR implements the deletion step for virtual MFA devices. It also renames the prior function deleteAwsIamUserMFADevices to deactivateAwsIamUserMFADevices in order to reflect what's actually happening to non-virtual MFA devices.

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Release note for CHANGELOG:

resource/aws_iam_user: Delete a user's virtual MFA devices when `force_destroy` is enabled

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccAWSUser_ForceDestroy_MFADevice'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./... -v -count 1 -parallel 20 -run=TestAccAWSUser_ForceDestroy_MFADevice -timeout 120m
?   	github.com/terraform-providers/terraform-provider-aws	[no test files]
=== RUN   TestAccAWSUser_ForceDestroy_MFADevice
=== PAUSE TestAccAWSUser_ForceDestroy_MFADevice
=== CONT  TestAccAWSUser_ForceDestroy_MFADevice
--- PASS: TestAccAWSUser_ForceDestroy_MFADevice (22.34s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	23.867s
testing: warning: no tests to run
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws/internal/flatmap	0.258s [no tests to run]
testing: warning: no tests to run
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags	0.118s [no tests to run]'

[gdavison]

Thanks for the PR, @eytanhanig. We will be merging this for the next release, expected late next week, though the schedule may be affected by AWS re:Invent.

[eytanhanig]

Thanks for the PR, @eytanhanig. We will be merging this for the next release, expected late next week, though the schedule may be affected by AWS re:Invent.

Thank you! This is my first big OSS contribution (and my first foray into Go) so I really appreciate your fast review & communication.

[ghost]

This has been released in version 2.41.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!