Use Case
Upon creating a new account, the OrganizationAccountAccessRole automatically has AdministratorAccess. I want to delete it in Terraform without needing to, e.g., import and then delete, as that wouldn't make sense.
Describe Ideal Solution
Detaches the default AdministratorAccess policy that grants * on *. But before it does that, verifies that the ARN given by the user is attached already, so that users do not accidentally lock themselves out of an AWS subaccount after creation.
E.g., it can check that OrganizationAccountAccessRole has IAMFullAccess, and then detach the existing AdministratorAccess policy.
Alternatives Considered
Do it outside of Terraform.