fix: databricks-catalog-external-location - Make role self-assuming

chanzuckerberg · Oct 23, 2024 · 372233e · 372233e
1 parent 0cd752c
commit 372233e
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/databricks-catalog-external-location/main.tf b/databricks-catalog-external-location/main.tf
@@ -60,7 +60,10 @@ data "aws_iam_policy_document" "databricks_external_location_assume_role" {
   statement {
     principals {
       type        = "AWS"
-      identifiers = ["arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL"]
+      identifiers = [
+        "arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL",
+        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role${local.path}${local.iam_role_name}"
+      ]
     }
 
     actions = ["sts:AssumeRole"]