d/aws_iam_service_linked_role: new data source can ensure the role exists

[alexbacchin]

New data source:

• aws_iam_service_linked_role

Description

This data source returns a service linked role but also can ensure its existence via attribute create_if_missing. It will call the create the IAM Service Linked role (in case does not exist) before exporting the data.
This ensure consistence either on existing accounts when the role was previously created or new deployments where the role does not yet exist.

The #29318 has the detailed discussion to back this. In summary, service linked roles can be created either by aws_iam_service_linked_role resource, AWS CLI or AWS itself when a service is invoked. It makes difficult to maintain modules that include the aws_iam_service_linked_role resource.
The import is a viable option is some scenarios, but not practical when 2 modules need this to ensure this role is present.

Relations

Relates: #39441 (I raised the PR few months ago but made a mistake and it was closed)
Closes #29318
Relates: hashicorp/terraform#33633

References

Output from Acceptance Testing

% make testacc TESTS=TestAccIAMServiceLinkedRoleDataSource PKG=iam
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.9 test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMServiceLinkedRoleDataSource'  -timeout 360m -vet=off
2025/05/17 23:05:56 Initializing Terraform AWS Provider...
=== RUN   TestAccIAMServiceLinkedRoleDataSource_basic
=== PAUSE TestAccIAMServiceLinkedRoleDataSource_basic
=== RUN   TestAccIAMServiceLinkedRoleDataSource_customSuffix
=== PAUSE TestAccIAMServiceLinkedRoleDataSource_customSuffix
=== RUN   TestAccIAMServiceLinkedRoleDataSource_createIfMissing
=== PAUSE TestAccIAMServiceLinkedRoleDataSource_createIfMissing
=== CONT  TestAccIAMServiceLinkedRoleDataSource_basic
=== CONT  TestAccIAMServiceLinkedRoleDataSource_createIfMissing
=== CONT  TestAccIAMServiceLinkedRoleDataSource_customSuffix
--- PASS: TestAccIAMServiceLinkedRoleDataSource_customSuffix (32.42s)
--- PASS: TestAccIAMServiceLinkedRoleDataSource_basic (33.34s)
--- PASS: TestAccIAMServiceLinkedRoleDataSource_createIfMissing (33.39s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/iam        33.486s

[github-actions]

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

• Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
• Please see our prioritization guide for additional information on how the maintainers handle prioritization.
• Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

• Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
• Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.