File modified: @@ -278677,7 +278677,7 @@ } }, "aws:iam/rolePoliciesExclusive:RolePoliciesExclusive": { - "description": "Pulumi resource for maintaining exclusive management of inline policies assigned to an AWS IAM (Identity \u0026 Access Management) role.\n\n\u003e **NOTE:** To reliably detect drift between customer managed inline policies listed in this resource and actual policies attached to the role in the cloud, you currently need to run Pulumi with `pulumi up --refresh`. See [#4766](https://github.com/pulumi/pulumi-aws/issues/4766) for tracking making this work with regular `pulumi up` invocations.\n\n!\u003e This resource takes exclusive ownership over inline policies assigned to a role. This includes removal of inline policies which are not explicitly configured. To prevent persistent drift, ensure any `aws.iam.RolePolicy` resources managed alongside this resource are included in the `policy_names` argument.\n\n\u003e Destruction of this resource means Pulumi will no longer manage reconciliation of the configured inline policy assignments. It __will not__ delete the configured policies from the role.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.RolePoliciesExclusive(\"example\", {\n roleName: exampleAwsIamRole.name,\n policyNames: [exampleAwsIamRolePolicy.name],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.RolePoliciesExclusive(\"example\",\n role_name=example_aws_iam_role[\"name\"],\n policy_names=[example_aws_iam_role_policy[\"name\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.RolePoliciesExclusive(\"example\", new()\n {\n RoleName = exampleAwsIamRole.Name,\n PolicyNames = new[]\n {\n exampleAwsIamRolePolicy.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewRolePoliciesExclusive(ctx, \"example\", \u0026iam.RolePoliciesExclusiveArgs{\n\t\t\tRoleName: pulumi.Any(exampleAwsIamRole.Name),\n\t\t\tPolicyNames: pulumi.StringArray{\n\t\t\t\texampleAwsIamRolePolicy.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.RolePoliciesExclusive;\nimport com.pulumi.aws.iam.RolePoliciesExclusiveArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new RolePoliciesExclusive(\"example\", RolePoliciesExclusiveArgs.builder()\n .roleName(exampleAwsIamRole.name())\n .policyNames(exampleAwsIamRolePolicy.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:RolePoliciesExclusive\n properties:\n roleName: ${exampleAwsIamRole.name}\n policyNames:\n - ${exampleAwsIamRolePolicy.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Disallow Inline Policies\n\nTo automatically remove any configured inline policies, set the `policy_names` argument to an empty list.\n\n\u003e This will not __prevent__ inline policies from being assigned to a role via Pulumi (or any other interface). This resource enables bringing inline policy assignments into a configured state, however, this reconciliation happens only when `apply` is proactively run.\n\n\u