Hey y'all. I'm trying to import an AWS IAM Role however it looks like the import does not work properly / does not compare the import code vs the existing role correctly. For example, I have a role that I have managed policies added for sake of argument, app mesh full access and administrator access. In my Pulumi code, I have only added inline policies and no managed policies at all. When I do the import, it says that the role can be imported no problem even though my code does not include the 2 managed policies. However, if I add one of the managed policies to my code, when I do the import, it complains that there is one managed policy missing which is what I would expect. Anyone encountered this bug?

I'm afraid I'm having a hard time following. Can you share the code that is being generated and what you expect it to contain?

I think it's easier to show with screenshot. This is the role in AWS and my Pulumi code in the other screenshot. I've cut it for brevity, but the inline policy is the same and I include an "import" for the role. However, pulumi does not complain that they are different when doing pulumi up. The difference being, in the Pulumi code, there is no "managedPolicies" element which should cause it to say they are different, but it doesn't and allows the import. The fix, is that I actually should include a "managedPolicies" for the EnvoyAccess like the 3rd screenshot