Sanjay/terraform apply variables #6

Merged
merged 23 commits into from
Mar 31, 2025

@Sanjay3101 Sanjay3101 commented Feb 27, 2025

Description

Currently, when policies are applied, the AWS Terraform provider executes two actions simultaneously: creating a policy and setting it as the default version.
These two operations, when run in a single operation, appear to expose a brief interval where valid STS tokens with attached Session Policies are rejected by AWS authorization servers that have not received the new default policy version. Separating this into two distinct actions of creating a policy version, pausing briefly, and then setting that to the default version can avoid this issue, and may be required in environments with very high S3 IO loads.

This pull request introduces a new variable delay_after_policy_creation_in_ms which can be used by users to apply a delay between these API calls.

Relations

Closes #0000

References

Output from Acceptance Testing

terraform-provider-aws git:(sanjay/terraform_apply_variables) make testacc TESTS=TestAccIAMPolicy_updateWithoutDelay PKG=iam
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.5 test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMPolicy_updateWithoutDelay'  -timeout 360m -vet=off
2025/03/27 15:10:47 Initializing Terraform AWS Provider...
=== RUN   TestAccIAMPolicy_updateWithoutDelay
=== PAUSE TestAccIAMPolicy_updateWithoutDelay
=== CONT  TestAccIAMPolicy_updateWithoutDelay
--- PASS: TestAccIAMPolicy_updateWithoutDelay (29.29s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/iam	46.006s

terraform-provider-aws git:(sanjay/terraform_apply_variables) make testacc TESTS=TestAccIAMPolicy_updateWithDelay PKG=iam
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.5 test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMPolicy_updateWithDelay'  -timeout 360m -vet=off
2025/03/28 13:44:12 Initializing Terraform AWS Provider...
=== RUN   TestAccIAMPolicy_updateWithDelay
=== PAUSE TestAccIAMPolicy_updateWithDelay
=== CONT  TestAccIAMPolicy_updateWithDelay
--- PASS: TestAccIAMPolicy_updateWithDelay (36.36s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/iam	49.422s

...
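
The update sequence described in the pull request description above (create a non-default policy version, pause, then set it as default), as an added Go example that is not the provider's code from this pull request. The `policyAPI` interface, `updatePolicy`, `fakeIAM` and the sample ARN are hypothetical and constructed for illustration, and the zero-delay behaviour is an assumption.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// policyAPI is a hypothetical stand-in for the two IAM operations involved
// (CreatePolicyVersion, SetDefaultPolicyVersion); it is not the AWS SDK.
type policyAPI interface {
	CreatePolicyVersion(ctx context.Context, arn, doc string, setAsDefault bool) (string, error)
	SetDefaultPolicyVersion(ctx context.Context, arn, versionID string) error
}

// updatePolicy publishes doc as a new policy version. Assumption: a zero delay
// keeps the single-call path; a positive delay splits creation from promotion.
func updatePolicy(ctx context.Context, api policyAPI, arn, doc string, delay time.Duration) error {
	if delay <= 0 {
		_, err := api.CreatePolicyVersion(ctx, arn, doc, true)
		return err
	}
	ver, err := api.CreatePolicyVersion(ctx, arn, doc, false)
	if err != nil {
		return fmt.Errorf("creating policy version: %w", err)
	}
	select { // unlike time.Sleep, this stops waiting when the caller cancels
	case <-time.After(delay):
	case <-ctx.Done():
		return fmt.Errorf("created %s but did not set it as default: %w", ver, ctx.Err())
	}
	return api.SetDefaultPolicyVersion(ctx, arn, ver)
}

// fakeIAM is a constructed test double that records the order of calls.
type fakeIAM struct{ calls []string }
func (f *fakeIAM) CreatePolicyVersion(_ context.Context, _, _ string, def bool) (string, error) {
	f.calls = append(f.calls, fmt.Sprintf("create(default=%t)", def))
	return "v2", nil
}
func (f *fakeIAM) SetDefaultPolicyVersion(_ context.Context, _, ver string) error {
	f.calls = append(f.calls, "setDefault("+ver+")")
	return nil
}

func main() {
	f := &fakeIAM{}
	err := updatePolicy(context.Background(), f, "arn:aws:iam::123456789012:policy/constructed-example", "{}", 50*time.Millisecond)
	fmt.Println(f.calls, err)
}
```

If the wait is cancelled, the new version has been created but the previous default is still in force, so the returned error names the version that was left unpromoted.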


Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added the tests label Mar 27, 2025
@Sanjay3101 Sanjay3101 merged commit f72d0e3 into main Mar 31, 2025
44 of 53 checks passed

⚠️ We've detected the following potential issues with your pull request

Maintainer Edit Permissions:

At times, our maintainers need to make direct edits to pull requests in order to prepare it to be merged. At the time of opening this pull request, your settings do not allow maintainers to make such edits. If possible, update your settings as described in the following document. If your fork is owned by an organization that limits your ability to make this change, please let us know.

GitHub: Allowing changes to a pull request branch created from a fork
