Add AWS region type variable to support govcloud
Closed this issue · 2 comments
The module has hard-coded a handful of ARNs prefixed with arn:aws:, which causes issues in GovCloud accounts. See using govcloud arns. It would be nice if there were a region type variable like

    variable "aws_region_type" {
      description = "ARN partition prefix: 'aws' or 'aws-us-gov'."
      default     = "aws"
      type        = string

      validation {
        # contains() tests list membership; lookup() only accepts a map.
        condition     = contains(["aws", "aws-us-gov"], var.aws_region_type)
        error_message = "Value must be one of 'aws', 'aws-us-gov'."
      }
    }

which could be used like policy_arn = "arn:${var.aws_region_type}:iam...
throughout the module to add GovCloud support. I'd be happy to contribute the changes.
Thx for bringing this up @james-gibson-fr, I wasn't aware of those differences.
Another possible solution could be to compute the ARN prefix from the current region data source (e.g. in a local variable). This could increase developer experience and reduce possible errors. What do you think? Happy to review your PR!
The same problem exists for AWS CN. Maybe you can consider this in your PR 😃
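
The data-source approach suggested in the comments, as an added example that is not part of the original thread or the module's own code: the AWS provider's `aws_partition` data source reports the partition of the configured credentials (`aws`, `aws-us-gov` or `aws-cn`), so GovCloud and China are covered without a user-supplied variable. The `role_name` variable, the resource names and the `ReadOnlyAccess` policy are assumptions chosen for illustration.

```hcl
# Added example: derive the ARN partition from the provider instead of
# hard-coding "arn:aws:" or asking the caller for a region type.

data "aws_partition" "current" {}

locals {
  # "aws" in commercial regions, "aws-us-gov" in GovCloud, "aws-cn" in China.
  partition  = data.aws_partition.current.partition
  arn_prefix = "arn:${local.partition}"
}

# Hypothetical input: name of an existing IAM role to attach the policy to.
variable "role_name" {
  description = "Name of the IAM role that receives the managed policy."
  type        = string
}

# ReadOnlyAccess stands in for whichever AWS managed policy the module
# attaches; only the partition segment of the ARN changes per environment.
resource "aws_iam_role_policy_attachment" "example" {
  role       = var.role_name
  policy_arn = "${local.arn_prefix}:iam::aws:policy/ReadOnlyAccess"
}

# Surfacing the resolved partition makes it visible in plan/apply output,
# which helps confirm the module is targeting the intended partition.
output "resolved_partition" {
  value = local.partition
}
```

Because the partition comes from the credentials in use, a plan run against a GovCloud account cannot produce commercial-partition ARNs through a forgotten or mistyped variable value.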