In the Terraform aws provider, we can use the aws_iam_policy_document data resource to attach a resource-based policy to a Secrets Manager secret, or we can use aws_secretsmanager_secret_policy for the secret. I remember that older versions of the provider, e.g. 2.7, did not have aws_secretsmanager_secret_policy, and we had to use the data resource to attach a policy to the secret. Now the latest version supports both.

What is the benefit of using aws_secretsmanager_secret_policy over aws_iam_policy_document, and under what conditions can we choose one over the other?
I think your actual question is about setting the policy attribute on the aws_secretsmanager_secret resource, versus creating the policy as a separate aws_secretsmanager_secret_policy resource.

The main reason you would use aws_secretsmanager_secret_policy instead of setting it directly on the secret resource is if the secret was created in different Terraform code, or perhaps completely outside of Terraform. For example, if you wanted to create a Terraform template to look up all your AWS secrets and set a policy on all of them.

You can use aws_iam_policy_document with either of these. aws_iam_policy_document is just a way to define IAM policies in Terraform code instead of as embedded raw JSON strings.
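The following configuration is an added example and is not part of the question or the answer above. It shows the same least-privilege, read-only policy document used in both ways: once through the policy attribute of a secret created in this configuration, and once through a separate aws_secretsmanager_secret_policy attached to a secret looked up by name. The role ARN, account ID and secret names are placeholders.

```hcl
# Added example (not from the original question or answer).
# The role ARN, account ID and secret names are constructed placeholders.

# One policy document, reused for both attachment styles. It grants a single
# IAM role read access to the secret and nothing else.
data "aws_iam_policy_document" "read_only" {
  statement {
    sid    = "AllowAppRoleRead"
    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::111122223333:role/app-reader"] # placeholder
    }

    actions = [
      "secretsmanager:GetSecretValue",
      "secretsmanager:DescribeSecret",
    ]

    # In a secret's resource-based policy "*" refers to this secret only, which
    # also avoids a dependency cycle when the document is used inline below.
    resources = ["*"]
  }
}

# Style 1: the secret is created here, so the policy can be set inline.
resource "aws_secretsmanager_secret" "db_password" {
  name   = "prod/db/password" # placeholder
  policy = data.aws_iam_policy_document.read_only.json
}

# Style 2: the secret is managed elsewhere (other Terraform code, or created
# outside Terraform), so it is looked up and the policy is a separate resource.
data "aws_secretsmanager_secret" "existing_token" {
  name = "prod/api/token" # placeholder
}

resource "aws_secretsmanager_secret_policy" "existing_token" {
  secret_arn          = data.aws_secretsmanager_secret.existing_token.arn
  policy              = data.aws_iam_policy_document.read_only.json
  block_public_policy = true # reject a policy that would grant public access
}
```

Both styles produce the same resource policy on the secret; the difference is only where the policy lives in the Terraform state. Using a data source for the policy document keeps the principal and action list reviewable in HCL, and block_public_policy on the separate resource makes Secrets Manager refuse an accidentally public statement at apply time.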