Expand Bedrock permissions

[morga471]

Group in lab is trying to test Bedrock Agents.
Chris Jackson reached out with error messages they were hitting.
Discovered they were using Bedrock Console to create Bedrock Agents which was failing due to inability to create a Role for the agent, and to create/attach the policy to that role. Once those were in place, role creation/policy creation succeeded but Agent Create failed due to PassRole, added that as well, and agent creation succeeded.

PR in Draft - Will continue testing/validate with Chris Jackson. Once confirmed from customer will submit PR

[badra001]

Nope. I don't want people to have permissions to create these. When needed, they are to be created through TF. For new accounts, common/service-llnked-roles.tf is provisioned, with some variables files

• service-linked-roles.tf
• variables.service-linked-roles.auto.tfvars
• variables.service-linked-roles.tf

If it's an existing account without this, you can grab these files from

support/local-app/aws-account-setup/ansible/roles/inf-common/files

and import ones which may be created, and add new ones needed and follow with git workflow.

May I ask you to create a how-to document for this in support/docs/how-to/aws-service-linked-roles/README.md?