Ah ok, so terraform has a great big warning in their docs about this:
https://www.terraform.io/docs/providers/aws/r/iam_policy_attachment.html
Just thinking, I recall seeing this warning when I used terraform because I would always have their docs open when writing any terraform config. With pulumi because I'm using TS, I can just click into the type definitions and read the comments to get most of the info I need - it might be worth adding this warning into comments