
feat: Enables exclusive IAM policy management of IAM role with managed_policy_arns option #526

Status: Open. Wants to merge 2 commits into base: master.

Conversation

@sksmsWKd commented Oct 10, 2024

Description

This PR supports exclusive management of policy attachments on IAM role.

To prevent a resource cycling error, managed_policy_arns can't be used together with these resources: aws_iam_role_policy_attachment or aws_iam_role_policy.

Motivation and Context

When using aws_iam_role and this module with the moved command for refactoring (I mean refactoring my resource with this module),
although my aws_iam_role already contains managed_policy_arns,
managed_policy_arns could not be set, so the dependency between the IAM role and the IAM policy could not be kept as code, and aws_iam_role_policy_attachment had to be added as a resource.

To prevent unexpected IAM policy changes, I thought adding a managed_policy_arns option to the IAM role would be a clear choice for exclusive management of the IAM role's policies.

Breaking Changes

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request

@GedriteA

+1 we could use this

@sksmsWKd (Author)

Hello @bryantbiggs, @antonbabenko, could you review my PR, please?

@bryantbiggs (Member)

I don't understand the problem nor the changes proposed

@joan-s-molas commented Oct 24, 2024

I believe what @sksmsWKd is trying to achieve is to prevent manually made changes to the policy attachments for that role (via console or CLI) from persisting between Terraform runs. I.e., someone attaches a policy to the terraformed role via the console, and that gets reverted when Terraform is applied again.

aws_iam_role.managed_policy_arns has been deprecated, so that would not be the best approach.

The way to go around this should probably be implementing the optional use of aws_iam_role_policy_attachments_exclusive or similar.
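As an added example, not code from this PR or from the module itself, the following configuration shows the drift-control intent of the PR description and the alternative @joan-s-molas points to, written at the level of raw aws provider resources. It declares the list of policies a role is allowed to carry, shows where the deprecated managed_policy_arns argument would have gone, and uses aws_iam_role_policy_attachments_exclusive so that anything attached to the role out of band is detached on the next apply. The role name, trust policy and policy ARNs are placeholders; the provider version constraint assumes the exclusive resource ships in 5.70 and later.

```hcl
terraform {
  required_providers {
    aws = {
      # Assumption: aws_iam_role_policy_attachments_exclusive is available in 5.70 and later.
      source  = "hashicorp/aws"
      version = ">= 5.70"
    }
  }
}

# Constructed example: the complete set of managed policies this role may carry.
# Any attachment on the role that is not in this list is detached on the next
# apply, which is the exclusive management the PR description asks for.
locals {
  managed_policy_arns = [
    "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess",
    "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",
  ]
}

resource "aws_iam_role" "app" {
  name = "example-app-role" # placeholder name

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ec2.amazonaws.com" }
    }]
  })

  # The form proposed in this PR would have been:
  #   managed_policy_arns = local.managed_policy_arns
  # That argument is deprecated in the provider, so the separate exclusive
  # resource below carries the same intent instead.
}

# Drift control with the non-deprecated resource. Standalone
# aws_iam_role_policy_attachment resources for this role either go away or must
# use ARNs that are also present in local.managed_policy_arns; otherwise the two
# resources undo each other's changes on every apply, which is the same class of
# conflict the PR description notes for managed_policy_arns.
resource "aws_iam_role_policy_attachments_exclusive" "app" {
  role_name   = aws_iam_role.app.name
  policy_arns = local.managed_policy_arns
}
```

After an out-of-band attachment (console or CLI), terraform plan on this configuration shows the extra policy being detached rather than silently surviving, which is the behaviour the original per-attachment resources cannot give. One caveat worth checking in review: an empty policy_arns list detaches every managed policy from the role, so the list should be a literal or a value that cannot accidentally collapse to empty.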
