Managing IAM policies on the module exclusively #534

Open
GedriteA opened this issue Oct 25, 2024 · 1 comment
@GedriteA

Is your request related to a new offering from AWS?

Is this functionality available in the AWS provider for Terraform? See CHANGELOG.md, too.

  • Yes ✅: 5.72.0

Is your request related to a problem? Please describe.

I want to be able to prevent manually made changes from persisting between Terraform runs. I.e., someone attaches a policy to the terraformed role via the console - that gets reverted when Terraform is applied again. This is not how the module handles it currently given the use of aws_iam_role_policy_attachment.

Describe the solution you'd like.

Provider version 5.72.0 introduced https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachments_exclusive.

A flag/variable that switches between the use of iam_role_policy_attachments and iam_role_policy_attachments_exclusive.

Describe alternatives you've considered.

  1. Managed policy ARNs (feat: Enables exclusive IAM policy management of IAM role with managed_policy_arns option #526)
     • Managed policy ARNs are deprecated, so I don't think this is a good path forward.

Additional context


This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days
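
A sketch of the opt-in switch requested in this issue, added here as an illustration; it is not code from the module or from either participant. The variable names `exclusive_policy_attachments`, `role_name` and `policy_arns` are assumptions; the two resource types and the 5.72.0 version floor are the ones named in the issue.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.72.0" # version the issue cites for the exclusive resource
    }
  }
}

# Hypothetical module inputs (names are assumptions, not the module's interface).
variable "role_name" {
  type = string
}

variable "policy_arns" {
  type        = map(string) # static key => managed policy ARN
  description = "Managed policies Terraform should attach to the role."
}

variable "exclusive_policy_attachments" {
  type        = bool
  default     = false # opt-in, so existing users see no behaviour change
  description = "Detach managed policies that are not declared in policy_arns."
}

# Current behaviour: each attachment is tracked on its own, so a policy
# attached by hand in the console is invisible to Terraform and survives apply.
resource "aws_iam_role_policy_attachment" "this" {
  for_each   = var.policy_arns
  role       = var.role_name
  policy_arn = each.value
}

# Requested behaviour: take exclusive ownership of the role's managed policy
# attachments. Anything attached out of band shows up as drift in the next
# plan and is detached on apply.
resource "aws_iam_role_policy_attachments_exclusive" "this" {
  count     = var.exclusive_policy_attachments ? 1 : 0
  role_name = var.role_name

  # Built from the attachment resources above so both always declare the
  # same set and do not fight each other on successive applies.
  policy_arns = [for a in aws_iam_role_policy_attachment.this : a.policy_arn]
}
```

With the flag enabled, `terraform plan` becomes the detection point for out-of-band privilege changes on the role: any managed policy not listed in `policy_arns` appears as a pending removal.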
