From aa09849346f25c1b960d810a723177b7fe781efc Mon Sep 17 00:00:00 2001
From: roncitrus
Date: Tue, 12 Dec 2023 09:53:36 +0000
Subject: [PATCH] point to correct role
---
 terraform/environments/cdpt-chaps/database.tf | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/terraform/environments/cdpt-chaps/database.tf b/terraform/environments/cdpt-chaps/database.tf
index 579a80a095d..1cfd6f98813 100644
--- a/terraform/environments/cdpt-chaps/database.tf
+++ b/terraform/environments/cdpt-chaps/database.tf
@@ -17,7 +17,7 @@ resource "aws_db_instance" "database" {
 resource "aws_db_instance_role_association" "rds_s3_role_association" {
 db_instance_identifier = aws_db_instance.database.identifier
 feature_name = "S3_INTEGRATION"
- role_arn = "arn:aws:iam::613903586696:role/RDS-S3-CrossAccountAccess"
+ role_arn = "arn:aws:iam::613903586696:role/RDS-S3-XAccountAccess"
 }
 
 resource "aws_security_group" "db" {
@@ -76,13 +76,11 @@ resource "aws_iam_role" "rds_s3_access" {
 Service = "rds.amazonaws.com"
 },
 Action = "sts:AssumeRole",
- },
- {
- Effect = "Allow",
- Principal = {
- AWS = "arn:aws:iam::513884314856:root"
- },
- Action = "sts:AssumeRole"
+ Condition = {
+ StringEquals = {
+ "sts:ExternalId": "613903586696"
+ }
+ }
 }
 ]
 })
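Review bot: The new `role_arn` in `rds_s3_role_association` is still a hard-coded ARN string, so Terraform cannot check that `RDS-S3-XAccountAccess` exists or see what it trusts, and a wrong name only surfaces at apply time. If this is the `aws_iam_role.rds_s3_access` role declared further down the file (its `name` is not visible in the diff, so this is a guess), `role_arn = aws_iam_role.rds_s3_access.arn` would tie the association to the trust policy under review. If the role is managed elsewhere, a comment above the line such as `# role managed in <REPO_OR_MODULE>; grants this instance access to <BUCKET>` would tell a reader what the instance is allowed to assume.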
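Review bot: The `sts:ExternalId` condition added to the `rds.amazonaws.com` statement is probably the wrong key for a service principal. An external ID is supplied by the caller in cross-account `AssumeRole` delegation, and as far as I know RDS does not send one, so the statement may never match and S3 integration through this role could stop working. The usual confused-deputy guard for a service principal is `"aws:SourceAccount" = "<ACCOUNT_ID_OWNING_THE_DB_INSTANCE>"`, ideally together with `"aws:SourceArn" = aws_db_instance.database.arn`; the right account ID should be confirmed rather than assumed to be the one on the page. The new line also uses `:` where the rest of the policy uses `=`, which is worth aligning. The `aws_iam_role` resource starts and ends outside this hunk, so the remainder of the trust policy could not be checked.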