thejohnny · April 25, 2018 16:24
diff --git a/main.tf b/main.tf
 data "template_file" "sts_assume_role" {
  template = "${file("${path.module}/templates/policies/sts-assume-role.json")}"

  vars {
    sts_external_id = "${var.sts_external_id}"
  }
 }

 resource "aws_iam_role" "main" {
  name               = "DatadogAWSIntegrationRole"
  description        = "IAM role for DatadogAWSIntegrationPolicy"
  assume_role_policy = "${data.template_file.sts_assume_role.rendered}"
 }

 resource "aws_iam_role_policy" "main" {
  name   = "DatadogAWSIntegrationPolicy"
  role   = "${aws_iam_role.main.id}"
  policy = "${file("${path.module}/templates/policies/datadog-aws-integration.json")}"
 }
diff --git a/sts-assume-role.json b/sts-assume-role.json
 {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "AWS": "464622532012"
      },
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "${sts_external_id}"
        }
      },
      "Effect": "Allow"
    }
  ]
 }
	data "template_file" "sts_assume_role" {
	template = "${file("${path.module}/templates/policies/sts-assume-role.json")}"

	vars {
	sts_external_id = "${var.sts_external_id}"
	}
	}

	resource "aws_iam_role" "main" {
	name = "DatadogAWSIntegrationRole"
	description = "IAM role for DatadogAWSIntegrationPolicy"
	assume_role_policy = "${data.template_file.sts_assume_role.rendered}"
	}

	resource "aws_iam_role_policy" "main" {
	name = "DatadogAWSIntegrationPolicy"
	role = "${aws_iam_role.main.id}"
	policy = "${file("${path.module}/templates/policies/datadog-aws-integration.json")}"
	}
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Action": "sts:AssumeRole",
	"Principal": {
	"AWS": "464622532012"
	},
	"Condition": {
	"StringEquals": {
	"sts:ExternalId": "${sts_external_id}"
	}
	},
	"Effect": "Allow"
	}
	]
	}