Environment
OS: Linux
Terraform version: 1.9.7
Terraform AWS provider: 5.52.0
terraform version output:
Terraform v1.9.7
on linux_amd64
Describe the Bug
The data source for the ELB doesn't work with newer regions:
For AWS Regions opened since Jakarta (ap-southeast-3) in December 2021, AWS documents that a service principal name should be used instead of an AWS account ID in any relevant IAM policy.
Reference:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_service_account
Expected Behavior
Region accepted and policy attached
Steps to Reproduce
Set the following in the provider block for aws provider:
region = "il-central-1"
Execute the base example to spin up the S3 bucket with ELB
The error would be like this:
│ Error: Unknown region ("il-central-1")
│
│ with module.s3_bucket.data.aws_elb_service_account.default[0],
│ on .terraform/modules/s3_bucket/main.tf line 18, in data "aws_elb_service_account" "default":
│ 18: data "aws_elb_service_account" "default" {
Screenshots
No response
Additional Context
Seems like we need to adjust the conditions to support an updated policy:
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy
Open question: how could we detect new (August 2022 or later) regions programmatically?
Possible solution (from other repository) - check the aws_iam_policy_document data block:
https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/blob/master/main.tf
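One way to build the bucket policy without calling `aws_elb_service_account` in a region it does not know, as an added example (not this module's code and not the linked repository's). The variable and local names are assumptions, and the legacy region map is left empty for the caller to fill from the AWS documentation linked above; `logdelivery.elasticloadbalancing.amazonaws.com` is the service principal that documentation gives for the newer regions.

```hcl
# Added example; names below are assumptions, written against AWS provider 5.x.
variable "bucket_name" {
  type = string
}

# Region name => ELB account ID, only for regions that still require an
# account-ID principal. Fill from the AWS access-log documentation.
variable "elb_legacy_account_ids" {
  type    = map(string)
  default = {}
}

data "aws_region" "current" {}
data "aws_partition" "current" {}
data "aws_caller_identity" "current" {}

locals {
  partition = data.aws_partition.current.partition

  # "" means the region is not in the legacy map (for example il-central-1
  # from this report), so the service principal is used instead.
  elb_legacy_account = lookup(var.elb_legacy_account_ids, data.aws_region.current.name, "")
  elb_is_legacy      = local.elb_legacy_account != ""
  elb_principal_id   = local.elb_is_legacy ? "arn:${local.partition}:iam::${local.elb_legacy_account}:root" : "logdelivery.elasticloadbalancing.amazonaws.com"
}

data "aws_iam_policy_document" "elb_access_logs" {
  statement {
    sid     = "AllowELBAccessLogDelivery"
    effect  = "Allow"
    actions = ["s3:PutObject"]

    # Limit writes to this account's log prefix rather than the whole bucket.
    resources = [
      "arn:${local.partition}:s3:::${var.bucket_name}/AWSLogs/${data.aws_caller_identity.current.account_id}/*",
    ]

    principals {
      type        = local.elb_is_legacy ? "AWS" : "Service"
      identifiers = [local.elb_principal_id]
    }
  }
}

resource "aws_s3_bucket_policy" "elb_access_logs" {
  bucket = var.bucket_name
  policy = data.aws_iam_policy_document.elb_access_logs.json
}
```

Because the region lookup is a plain map, a region missing from it falls through to the service principal instead of failing the plan with `Unknown region`.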