fix: Correct service principal to rds.amazonaws.com (incl China) (#32)

Co-authored-by: Bryant Biggs <[email protected]>
Co-authored-by: Anton Babenko <[email protected]>

Author: 3 people

README.md

@@ -91,6 +91,7 @@ No modules.
 | [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_service_principal.rds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/service_principal) | data source |
 
 ## Inputs
 

main.tf

@@ -6,7 +6,12 @@ locals {
 
 data "aws_region" "current" {}
 data "aws_partition" "current" {}
+data "aws_service_principal" "rds" {
+  count = var.create && var.create_iam_role ? 1 : 0
 
+  service_name = "rds"
+  region       = data.aws_region.current.name
+}
 ################################################################################
 # RDS Proxy
 ################################################################################
@@ -111,7 +116,7 @@ data "aws_iam_policy_document" "assume_role" {
 
     principals {
       type        = "Service"
-      identifiers = ["rds.${data.aws_partition.current.dns_suffix}"]
+      identifiers = [data.aws_service_principal.rds[0].name]
     }
   }
 }