hashicorp · bflad · Jan 9, 2019 · Jan 9, 2019 · Jan 9, 2019
diff --git a/aws/resource_aws_iam_user_policy.go b/aws/resource_aws_iam_user_policy.go
@@ -2,11 +2,11 @@ package aws
 
 import (
 	"fmt"
+	"log"
 	"net/url"
 	"strings"
 
 	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/iam"
 
 	"github.com/hashicorp/terraform/helper/resource"
@@ -101,7 +101,8 @@ func resourceAwsIamUserPolicyRead(d *schema.ResourceData, meta interface{}) erro
 
 	getResp, err := iamconn.GetUserPolicy(request)
 	if err != nil {
-		if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" { // XXX test me
+		if isAWSErr(err, iam.ErrCodeNoSuchEntityException, "") {
+			log.Printf("[WARN] IAM User Policy (%s) for %s not found, removing from state", name, user)
 			d.SetId("")
 			return nil
 		}
@@ -139,6 +140,9 @@ func resourceAwsIamUserPolicyDelete(d *schema.ResourceData, meta interface{}) er
 	}
 
 	if _, err := iamconn.DeleteUserPolicy(request); err != nil {
+		if isAWSErr(err, iam.ErrCodeNoSuchEntityException, "") {
+			return nil
+		}
 		return fmt.Errorf("Error deleting IAM user policy %s: %s", d.Id(), err)
 	}
 	return nil

diff --git a/aws/resource_aws_iam_user_policy_test.go b/aws/resource_aws_iam_user_policy_test.go
@@ -77,6 +77,28 @@ func TestAccAWSIAMUserPolicy_basic(t *testing.T) {
 	})
 }
 
+func TestAccAWSIAMUserPolicy_disappears(t *testing.T) {
+	var out iam.GetUserPolicyOutput
+	suffix := randomString(10)
+	resourceName := fmt.Sprintf("aws_iam_user_policy.foo_%s", suffix)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckIAMUserPolicyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAwsIamUserPolicyConfig(suffix),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIAMUserPolicyExists(resourceName, &out),
+					testAccCheckIAMUserPolicyDisappears(&out),
+				),
+				ExpectNonEmptyPlan: true,
+			},
+		},
+	})
+}
+
 func TestAccAWSIAMUserPolicy_namePrefix(t *testing.T) {
 	rInt := acctest.RandInt()
 	policy1 := `{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"*","Resource":"*"}}`
@@ -204,6 +226,38 @@ func TestAccAWSIAMUserPolicy_multiplePolicies(t *testing.T) {
 	})
 }
 
+func testAccCheckIAMUserPolicyExists(resource string, res *iam.GetUserPolicyOutput) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[resource]
+		if !ok {
+			return fmt.Errorf("Not found: %s", resource)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No Policy name is set")
+		}
+
+		user, name, err := resourceAwsIamUserPolicyParseId(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+
+		iamconn := testAccProvider.Meta().(*AWSClient).iamconn
+
+		resp, err := iamconn.GetUserPolicy(&iam.GetUserPolicyInput{
+			PolicyName: aws.String(name),
+			UserName:   aws.String(user),
+		})
+		if err != nil {
+			return err
+		}
+
+		*res = *resp
+
+		return nil
+	}
+}
+
 func testAccCheckIAMUserPolicyDestroy(s *terraform.State) error {
 	iamconn := testAccProvider.Meta().(*AWSClient).iamconn
 
@@ -239,6 +293,22 @@ func testAccCheckIAMUserPolicyDestroy(s *terraform.State) error {
 	return nil
 }
 
+func testAccCheckIAMUserPolicyDisappears(out *iam.GetUserPolicyOutput) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		iamconn := testAccProvider.Meta().(*AWSClient).iamconn
+
+		params := &iam.DeleteUserPolicyInput{
+			PolicyName: out.PolicyName,
+			UserName:   out.UserName,
+		}
+
+		if _, err := iamconn.DeleteUserPolicy(params); err != nil {
+			return err
+		}
+		return nil
+	}
+}
+
 func testAccCheckIAMUserPolicy(
 	iamUserResource string,
 	iamUserPolicyResource string) resource.TestCheckFunc {