One can do a test AWS connector manually, check the resource details with `az resource` (something like `az resource show --ids '/subscriptions/xxx/resourceGroups/xxx-rg/providers/Microsoft.Security/securityConnectors/whatevername'`) and use that for the AzAPI Terraform resource. Not fun though, as the documentation for the API calls is rather minimal.
Also, in the hierarchical case it can be rather impossible to manage through code, as e.g. with GCP, when you do the connector to the GCP organization, there will automatically be new securityConnectors for the projects it finds. At least with GCP the names also seem to vary between projectId (projectName) and projectId (orgName_projectName), which is rather annoying.
I guess the Defender/Sentinel teams come from the Windows application world and are not that familiar with how to manage cloud environments, e.g. the Terraform from the UI is considered a script with no management for the Terraform state, and if they had ever used Terraform, they'd know what will happen if you try to run Terraform again against existing resources. A bit unprofessional for an organization with the size and resources of Microsoft.
(I'm not going into the details of what the GCP IAM Logs Azure Functions does, or what the Terraform for the Pub/Sub Audit log connector does on Sentinel... Audit logs indeed, when the log sink is created without any filters.)
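
The first step described in the comment above (turning the `az resource show` output of a hand-made connector into an AzAPI resource) can be scripted. The sketch below is an added example, not part of the original comment and not Microsoft's code. It assumes an azapi provider version whose `body` accepts an object and emits Terraform JSON syntax; the API version is a placeholder the caller must supply, and the sample property values are constructed.

```python
import json

CONNECTOR_TYPE = "Microsoft.Security/securityConnectors"

def drop_nulls(value):
    """Recursively remove the null fields that `az resource show` prints."""
    if isinstance(value, dict):
        return {k: drop_nulls(v) for k, v in value.items() if v is not None}
    if isinstance(value, list):
        return [drop_nulls(v) for v in value if v is not None]
    return value

def connector_to_azapi(resource, api_version, tf_name="connector"):
    """Build a .tf.json document for one securityConnectors resource."""
    parent_id, sep, tail = resource["id"].rpartition("/providers/")
    parts = tail.split("/")
    if not sep or len(parts) != 3 or "/".join(parts[:2]).lower() != CONNECTOR_TYPE.lower():
        raise ValueError("not a securityConnectors resource id: " + resource["id"])
    block = {
        "type": f"{CONNECTOR_TYPE}@{api_version}",  # api_version: caller-supplied
        "name": parts[2],
        "parent_id": parent_id,                     # the resource group id
        "location": resource["location"],
        # Server-generated top-level keys (etag, systemData) are left out.
        "body": {"properties": drop_nulls(resource.get("properties") or {})},
    }
    if resource.get("tags"):
        block["tags"] = resource["tags"]
    return {"resource": {"azapi_resource": {tf_name: block}}}

# Constructed sample of `az resource show` output; values are placeholders.
SAMPLE = {
    "id": "/subscriptions/xxx/resourceGroups/xxx-rg/providers/"
          "Microsoft.Security/securityConnectors/whatevername",
    "location": "westeurope",
    "etag": "constructed",
    "tags": None,
    "properties": {
        "environmentName": "AWS",
        "hierarchyIdentifier": "000000000000",
        "hierarchyIdentifierTrialEndDate": None,
        "offerings": [{"offeringType": "CspmMonitorAws"}],
    },
}

if __name__ == "__main__":
    doc = connector_to_azapi(SAMPLE, "API-VERSION-PLACEHOLDER")
    print(json.dumps(doc, indent=2))  # save as connector.tf.json
```

The generated file is a starting point to review with `terraform plan`, since the manually created connector already exists and is not yet in the Terraform state.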