This repository has been archived by the owner on Dec 24, 2023. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Handle role removal correctly in IAM instance profiles.
If an aws_iam_instance_profile resource is created with `role` set (vs. `roles`, which is deprecated) then the resulting resource is written to the state file with only `role` populated. An IAM instance profile cannot be deleted as long as there is a role attached. If an attempt is made to delete the instance profile resource without an intervening refresh, the provider will read the (empty) `roles` property, detach no roles, then try to delete the resource. The delete will fail. Note that most users won't see this because apply and plan refresh first, and the code for Get always sets `roles`. These changes consider the value of `role` in `instanceProfileRemoveAllRoles` before considering `roles`. If `role` is populated, the role named therein is removed. The removed role is tracked s.t. if it is also present in `roles` no attempt is made to remove it twice.
- Loading branch information