Policy assignment in AWS is not idempotent.

[difu]

- name: Assign a policy called S3ReadOnly to the webserver_role
  iam_policy:
    iam_type: role
    iam_name: webserver_role
    policy_name: S3ReadOnly
    state: present
    policy_document: roles/IAM/files/iam_policy_s3_read.json

run twice produces error.