From bbbf50ce8734f05d4ac69fa41c23c88094b82356 Mon Sep 17 00:00:00 2001
From: vladislav-orlovskiy <77527847+vladislav-orlovskiy@users.noreply.github.com>
Date: Thu, 22 May 2025 11:51:06 +0200
Subject: [PATCH] fix: Correct service principal to rds.amazonaws.com (incl China) (#32)
Co-authored-by: Bryant Biggs
Co-authored-by: Anton Babenko
---
 README.md | 1 +
 main.tf | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index c88d85a..3825e57 100644
--- a/README.md
+++ b/README.md
@@ -91,6 +91,7 @@ No modules.
 | [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_service_principal.rds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/service_principal) | data source |
 ## Inputs
diff --git a/main.tf b/main.tf
index a16f796..f622a07 100644
--- a/main.tf
+++ b/main.tf
@@ -6,7 +6,12 @@ locals {
 data "aws_region" "current" {}
 data "aws_partition" "current" {}
+data "aws_service_principal" "rds" {
+ count = var.create && var.create_iam_role ? 1 : 0
+ service_name = "rds"
+ region = data.aws_region.current.name
+}
 ################################################################################
 # RDS Proxy
 ################################################################################
@@ -111,7 +116,7 @@ data "aws_iam_policy_document" "assume_role" {
 principals {
 type = "Service"
- identifiers = ["rds.${data.aws_partition.current.dns_suffix}"]
+ identifiers = [data.aws_service_principal.rds[0].name]
 }
 }
 }
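Review bot: The new `data "aws_service_principal" "rds"` block is added without any change to the provider version constraint, since the diffstat lists only README.md and main.tf. Please confirm that the module's `required_providers` minimum for `aws` is a release that ships this data source; otherwise users pinned at the floor will fail validation. The block would also benefit from a short comment saying why it exists, for example `# RDS service principal is not always "rds.<partition dns_suffix>" (e.g. China); let the provider resolve it`, so nobody reverts to the interpolated form later.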
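Review bot: `data.aws_service_principal.rds[0]` only exists when `var.create && var.create_iam_role` is true, so the index in `identifiers` is valid only if `aws_iam_policy_document.assume_role` is gated by the same condition. That block's `count` lies outside the hunk, so this needs checking. Driving both blocks from one shared expression, e.g. a local `create_iam_role = var.create && var.create_iam_role`, would keep the two from drifting apart. Because this value is the principal of the role's trust policy, it is also worth confirming in a plan for each targeted partition that it renders as the expected `rds.amazonaws.com` service principal.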