Terraform best practices for iam policy management

We are using terraform enterprise for managing our resources. We have multiple AWS accounts which acts as different environments. They all share the same codebase in git in different branches.

I would like to ask how we can manage iam policies in a proper way. We always have the situation were policies are not identical between environments. For example the dev environments typically has other access rights or some policies that are still in develoment and not ready for deployment.

How can we ensure, that our terraform code is 100% environtment neutral and takes different policies for every environtment the code gets applied?

For some easy things we are using variables of course, but I think putting the whole policy in a variable is not suitable. Also the policy should also under version control.

Do you also have this scenario? How do you handle it?