[terraform] Expose shared dynamodb tables

Summary:
> This stack resolves issues encountered when setting up fresh staging AWS account with Terraform.

This diff resolves an issue when running terraform plan on plain fresh AWS account. The `aws_dynamodb_table` data doesn't resolve to anything because the DDB table isn't yet created.

Resources from inside module aren't globally exposed, so I created a `outputs.tf` file in the shared module and iterated over explicitly-specified table resources to expose them.

> I really wanted to do it in a more automated way, but TF has no good mechanism for iterating over all resources yet. There's an [[ hashicorp/terraform#19931 | open issue ]] for that where people share other usecases for such feature.

Depends on D8714

Test Plan: Production `terraform plan` with no changes. Staging plan no longer fails.

Reviewers: jon, varun

Reviewed By: jon

Subscribers: ashoat, tomek

Differential Revision: https://phab.comm.dev/D8715

services/terraform/modules/shared/outputs.tf

@@ -0,0 +1,13 @@
+locals {
+  exported_dynamodb_tables = [
+    aws_dynamodb_table.feature-flags
+  ]
+}
+
+# map table names to their resources
+output "dynamodb_tables" {
+  value = {
+    for table in local.exported_dynamodb_tables :
+    table.name => table
+  }
+}

services/terraform/remote/aws_iam.tf

@@ -108,9 +108,6 @@ resource "aws_iam_role" "services_ddb_full_access" {
 }
 
 # Feature Flags IAM
-data "aws_dynamodb_table" "feature_flags" {
-  name = "feature-flags"
-}
 data "aws_iam_policy_document" "read_feature_flags" {
   statement {
     sid    = "FeatureFlagsDDBReadAccess"
@@ -122,7 +119,7 @@ data "aws_iam_policy_document" "read_feature_flags" {
       "dynamodb:Scan",
     ]
     resources = [
-      data.aws_dynamodb_table.feature_flags.arn,
+      module.shared.dynamodb_tables["feature-flags"].arn
     ]
   }
 }