fix(iam-group-with-policies): Related resources shouldn't be created when group creation is disabled

[pawelpesz]

Description

Related resources shouldn't be created when group creation is disabled

Motivation and Context

In some scenarios the iam-group-with-policies submodule attempts to create aws_iam_group_membership, aws_iam_policy and aws_iam_group_policy_attachment resources even though the create_group variable is set to false. Workarounds do exist, but ultimately this behaviour is undesired.

Breaking Changes

None.

How Has This Been Tested?

• I have updated at least one of the examples/* to demonstrate and validate my change(s)
• I have tested and validated these changes using one or more of the provided examples/* projects
• I have executed pre-commit run -a on my pull request

[github-actions]

This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days

[pawelpesz]

Not stale, just updated.

[github-actions]

This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days

[pawelpesz]

Not stale.

[pawelpesz]

Hello @bryantbiggs, sorry to bother you, but could you take a quick look at this PR? It's nothing controversial, just a simple fix for something that got overlooked. Thank you!

[antonbabenko]

This is not an issue, but an expected behavior of the module.

[antonbabenko]

When create_group is set to false, then it expects that the IAM group with the name specified in name has already been created. Also, this module adds provided properties (such as group_users, custom_group_policy_arns, ...) to it.

[pawelpesz]

@antonbabenko with due respect, but I don't see the same behaviour being followed in the other modules, iam-user for example.

[antonbabenko]

If we had called this module iam-group, then the scope of resources should be - all or nothing (like in iam-user), but since it is iam-group-with-policies, it expects IAM group in one way or another.

[pawelpesz]

I found this behaviour pretty confusing @antonbabenko, but fair enough, thank you for the explanation 🙏

[antonbabenko]

I agree it is confusing.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.