This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

improvements to s3-remote-state module #207

Open
5 tasks
ketzacoatl opened this issue Jul 9, 2019 · 0 comments


ketzacoatl commented Jul 9, 2019

See for reference - https://github.com/fpco/terraform-aws-foundation/blob/0d3d60f6989ad74149b5957150e83e915128ddd7/modules/s3-remote-state/main.tf

One thing to make more clear: this module is a little confusing, but it's mostly advanced IAM features doing that. Here's another way of saying it:

I guess the other way to describe the difference here is that the s3-bucket-policy-full-access creates a policy which is attached to the S3 bucket and defines some list of IAM principals which can access the bucket. While the iam-full-access is creating policies (2, one requiring MFA and one not), that can be associated with IAM users/roles and used to provide access that way.

Requirements

  • rename the resources: s3-full-access to s3-bucket-policy-full-access and bucket-full-access to iam-policy-full-access.
  • There are 3 pairs of IAM data sources and resources, move each to their own module.
  • Update this module to use those new IAM modules.
  • Add a boolean variable for each of the 3 IAM policies the module creates (which enables/disables the policies from being created), passing those to the new IAM modules.
  • Review / update the module docs for clarity and to explain how this module works
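The distinction drawn in the issue, together with the per-policy boolean toggle it asks for, as an added sketch that is not part of the issue or of the module's own code. All variable and resource names are hypothetical, the `s3:*` action set is an assumption, and only the MFA-requiring IAM policy is shown.

```hcl
# Hypothetical sketch, not the s3-remote-state module's code.
variable "bucket_name" {
  type = string
}
variable "principals" {
  type = list(string) # IAM principal ARNs the bucket policy should trust
}
variable "create_bucket_policy" {
  type    = bool
  default = true
}
variable "create_iam_policy_mfa" {
  type    = bool
  default = true
}

locals {
  bucket_arns = ["arn:aws:s3:::${var.bucket_name}", "arn:aws:s3:::${var.bucket_name}/*"]
}

# Resource-based policy: attached to the bucket, it names WHO may access it.
data "aws_iam_policy_document" "bucket_policy" {
  statement {
    effect    = "Allow"
    actions   = ["s3:*"] # assumed action set
    resources = local.bucket_arns
    principals {
      type        = "AWS"
      identifiers = var.principals
    }
  }
}
resource "aws_s3_bucket_policy" "full_access" {
  count  = var.create_bucket_policy ? 1 : 0 # toggle: skip creation when false
  bucket = var.bucket_name
  policy = data.aws_iam_policy_document.bucket_policy.json
}

# Identity-based policy: no principals block; access is granted by attaching
# the policy to IAM users/roles. This variant only allows MFA sessions.
data "aws_iam_policy_document" "iam_mfa" {
  statement {
    effect    = "Allow"
    actions   = ["s3:*"] # assumed action set
    resources = local.bucket_arns
    condition {
      test     = "Bool"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["true"]
    }
  }
}
resource "aws_iam_policy" "full_access_mfa" {
  count  = var.create_iam_policy_mfa ? 1 : 0
  name   = "${var.bucket_name}-full-access-mfa"
  policy = data.aws_iam_policy_document.iam_mfa.json
}
```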