module does not provide outputs

[shrugs]

the outputs.tf file is empty, so it's impossible to reference the generated roles/policies/resources, except by duplicating the specific string templating like so, which is fragile

resource "aws_iam_group_policy" "additional_admin_policy" {
  name  = "tf-${var.service_name}-${var.stage}-additional-admin-policy"
  group = "tf-${var.service_name}-${var.stage}-admin"
  # ^ this part implicitly references the group created by the module

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:PutEncryptionConfiguration"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}

[ryan-roemer]

Yeah, I did the minimum at the start figuring we'd see what was needed over time 😄

... so I'm thinking the three IAM groups as a reasonable first set of outputs?