pulumi destroy fails sometimes DeleteConflict: Cannot delete entity, must detach all policies first.

[csantanapr]

Running pulumi destroy fails sometime when deleting eks Cluster

Here are the logs

2024-04-04T00:01:07.2136239Z @ Destroying...........................................................................................................................
2024-04-04T00:01:07.2138393Z  -  aws:iam:Role dev-cluster-instanceRole-role deleting (121s) error: deleting urn:pulumi:dev::***::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::dev-cluster-instanceRole-role: 1 error occurred:
2024-04-04T00:01:07.2141226Z  -  aws:iam:Role dev-cluster-instanceRole-role **deleting failed** error: deleting urn:pulumi:dev::***::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::dev-cluster-instanceRole-role: 1 error occurred:
2024-04-04T00:01:07.2143047Z     pulumi:pulumi:Stack ***-dev  error: update failed
2024-04-04T00:01:07.2143912Z     pulumi:pulumi:Stack ***-dev **failed** 1 error
2024-04-04T00:01:07.2144493Z Diagnostics:
2024-04-04T00:01:07.2145149Z   pulumi:pulumi:Stack (***-dev):
2024-04-04T00:01:07.2145652Z     error: update failed
2024-04-04T00:01:07.2146017Z 
2024-04-04T00:01:07.2146334Z   aws:iam:Role (dev-cluster-instanceRole-role):
2024-04-04T00:01:07.2147878Z     error: deleting urn:pulumi:dev::***::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::dev-cluster-instanceRole-role: 1 error occurred:
2024-04-04T00:01:07.2149644Z     	* deleting IAM Role (dev-cluster-instanceRole-role-7a50c78): DeleteConflict: Cannot delete entity, must detach all policies first.
2024-04-04T00:01:07.2150972Z     	status code: 409, request id: ba0d5e3a-2ef9-4d10-b164-3becbd72f3c4
2024-04-04T00:01:07.2151460Z 
2024-04-04T00:01:07.2151696Z Resources:
2024-04-04T00:01:07.2152154Z     - 59 deleted
2024-04-04T00:01:07.2152375Z 
2024-04-04T00:01:07.2152554Z Duration: 6m45s
2024-04-04T00:01:07.2152873Z 
2024-04-04T00:01:07.2152879Z 
2024-04-04T00:01:07.2153886Z     at Object.createCommandError (/home/runner/work/_actions/pulumi/actions/v5/webpack:/pulumi-github-action/node_modules/@pulumi/pulumi/automation/errors.js:77:1)
2024-04-04T00:01:07.2155687Z     at /home/runner/work/_actions/pulumi/actions/v5/webpack:/pulumi-github-action/node_modules/@pulumi/pulumi/automation/cmd.js:201:1
2024-04-04T00:01:07.2156866Z     at Generator.throw (<anonymous>)
2024-04-04T00:01:07.2158069Z     at rejected (/home/runner/work/_actions/pulumi/actions/v5/webpack:/pulumi-github-action/node_modules/@pulumi/pulumi/automation/cmd.js:19:1)
2024-04-04T00:01:07.2159453Z     at processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-04-04T00:01:07.2243026Z Post job cleanup.
2024-04-04T00:01:07.3595509Z Post job cleanup.
[logs_22402805996.zip](https://github.com/gitops-bridge-dev/gitopscon-2024-na-demo/files/14859752/logs_22402805996.zip)

2024-04-04T00:01:07.4509436Z [command]/usr/bin/git version
2024-04-04T00:01:07.4551078Z git version 2.43.2

[ilpaulg]

In case it may help anyone, I had a similar issue and it complained about network interfaces and VPC not being deletable.
This is a race condition caused by lack of Pulumi code optimization.

It's easily solvable in my end by going on to the console and in the following order: deleting the VPC endpoint, VPC network interfaces, VPC subnets, then the VPC itself.

Finally run Pulumi refresh to update the stack with the deleted resources, and then try to destroy the stack again.