Managing IAM policies on the module exclusively

[GedriteA]

Is your request related to a new offering from AWS?

Is this functionality available in the AWS provider for Terraform? See CHANGELOG.md, too.

• Yes ✅: 5.72.0

Is your request related to a problem? Please describe.

I want to be able to prevent manually made changes to persist between terraform runs. I.e, someone attaches a policy to the terraformed role via the console - that gets reverted when terraform is applied again. This is not how the module handles it currently given the use of aws_iam_role_policy_attachment.

Describe the solution you'd like.

Provider version 5.72.0 introduced https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachments_exclusive.

A flag/variable that switches between the use of iam_role_policy_attachments and iam_role_policy_attachments_exclusive.

Describe alternatives you've considered.

• Managed policy arns (feat: Enables exclusive IAM policy management of IAM role with managed_policy_arns option #526)

managed policy arns are deprecated so I don't think this is a good path forward.

Additional context

[GedriteA]

#526

as discussed here, this issue might be something of interest.

@bryantbiggs