fix: databricks-catalog-external-location - Make role self-assuming (#…

…664) Co-authored-by: Vivian Shao <[email protected]>
chanzuckerberg · Oct 24, 2024 · 7ff6b93 · 7ff6b93
1 parent eb4a894
commit 7ff6b93
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/databricks-catalog-external-location/main.tf b/databricks-catalog-external-location/main.tf
@@ -60,7 +60,10 @@ data "aws_iam_policy_document" "databricks_external_location_assume_role" {
   statement {
     principals {
       type        = "AWS"
-      identifiers = ["arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL"]
+      identifiers = [
+        "arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL",
+        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role${local.path}${local.iam_role_name}"
+      ]
     }
 
     actions = ["sts:AssumeRole"]