From 7ff6b93aa8aaa1ed843079c75d26bbd9861e4806 Mon Sep 17 00:00:00 2001
From: James Bartolome
Date: Thu, 24 Oct 2024 13:22:17 -0700
Subject: [PATCH] fix: databricks-catalog-external-location - Make role self-assuming (#664)

Co-authored-by: Vivian Shao <104519112+naihsuanshao@users.noreply.github.com>
---
 databricks-catalog-external-location/main.tf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/databricks-catalog-external-location/main.tf b/databricks-catalog-external-location/main.tf
index de9d0232..568e4a8a 100644
--- a/databricks-catalog-external-location/main.tf
+++ b/databricks-catalog-external-location/main.tf
@@ -60,7 +60,10 @@ data "aws_iam_policy_document" "databricks_external_location_assume_role" {
 statement {
 principals {
 type = "AWS"
- identifiers = ["arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL"]
+ identifiers = [
+ "arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL",
+ "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role${local.path}${local.iam_role_name}"
+ ]
 }

 actions = ["sts:AssumeRole"]
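Review bot: Listing the role's own ARN as a principal (the second entry of the new `identifiers` list) is likely to break a first-time apply: IAM validates principal ARNs when a trust policy is saved, and if this document is the `assume_role_policy` of the role it names, that role does not exist yet and creation fails with an invalid-principal error. The change works only where the role already exists, and the hand-built `role${local.path}${local.iam_role_name}` string depends on `local.path` starting and ending with `/`, which is defined outside the hunk. A form without the ordering problem is a separate statement that trusts the account root and pins the caller with an `ArnEquals` condition on `aws:PrincipalArn`, as sketched below; the condition is essential, because the root principal alone would delegate trust to every identity in the account. The statement continues past the end of the hunk, so confirm that any `sts:ExternalId` condition there still applies as intended and is mirrored in the new statement if the self-assumption call sends it.

```hcl
  # … unchanged: existing statement, with only the UCMasterRole principal …

  # Self-assumption: trust the account root, then restrict to this one role,
  # so the trust policy is valid before the role itself exists.
  statement {
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }

    actions = ["sts:AssumeRole"]

    condition {
      test     = "ArnEquals"
      variable = "aws:PrincipalArn"
      values   = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role${local.path}${local.iam_role_name}"]
    }
  }
```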