As mentioned in the aws_iam_policy_attachment resource docs this resource creates an exclusive attachment of that policy to specified users, groups and roles and isn't normally what you want so I'd recommend the aws_iam_group_policy_attachment resource.
It will look like this:
resource "aws_iam_group" "aws_config_group" {
name = "AWSConfigGroup"
path = "/"
}
resource "aws_iam_group_policy_attachment" "aws_config_attach" {
group = "${aws_iam_group.aws_config_group.name}"
policy_arn = "arn:aws:iam::aws:policy/service_role/AWSConfigRole"
}