Terraform module to create the Drata Autopilot Role in AWS
Note the example below uses `ref=main`. It is recommended to pin this module to a specific tag version (e.g. `ref=1.0.0`) to avoid breaking changes. See the releases page for a list of published versions.
```hcl
module "drata_autopilot_role" {
  source              = "git::https://github.com/drata/terraform-aws-drata-autopilot-role.git?ref=main"
  role_sts_externalid = "YOUR_EXTERNAL_ID"
}

# this will output the Role ARN
output "drata_autopilot_role" {
  value = module.drata_autopilot_role.role_arn
}
```
Replace `YOUR_EXTERNAL_ID` with the External ID in the AWS connection panel in Drata.
After you apply this terraform, it will output the Role ARN that you can paste into the AWS connection panel in Drata to initiate the connection.
The following steps demonstrate how to connect AWS in Drata when using this terraform module.
- Add the code above to your terraform code
- Replace `main` in `ref=main` with the latest version from the releases page
- In your browser, open https://app.drata.com/account-settings/connections/aws
- Copy the `Drata External ID` from the AWS connection panel in Drata and replace `YOUR_EXTERNAL_ID` in the module with the ID you copied
  - Do NOT close the drawer or click the Save button at this point
- Back in your terminal, run `terraform init` to download/update the module
- Run `terraform apply` and, IMPORTANT, review the plan output before typing `yes`
- When the terraform is applied, it will output the Role ARN; copy the ARN
- Paste the Role ARN into the Role ARN field in the AWS Connections drawer in Drata
- Click the `Save & Test Connection` button
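For the plan review step above, one thing worth checking is that every IAM role in the plan only trusts its principal when the expected External ID is presented. The script below is an added example, not part of this module: it audits a plan exported with `terraform plan -out=tfplan` and `terraform show -json tfplan`. The sample plan, the account ID `111111111111`, and the resource names `example` and `no_condition` are constructed placeholders.

```python
import json

def _as_list(value):
    # IAM policy fields may hold a single value or a list of values.
    return value if isinstance(value, list) else [value]

def audit_role_trust(plan, expected_external_id):
    """Return (address, problem) pairs for IAM roles in a Terraform JSON plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_iam_role":
            continue
        after = (rc.get("change") or {}).get("after") or {}
        raw = after.get("assume_role_policy")
        if not raw:  # value is computed, so it cannot be reviewed before apply
            findings.append((rc["address"], "trust policy unknown at plan time"))
            continue
        for stmt in _as_list(json.loads(raw).get("Statement", [])):
            if stmt.get("Effect") != "Allow":
                continue
            if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
                continue
            principal = stmt.get("Principal")
            aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
            if "*" in aws:
                findings.append((rc["address"], "wildcard principal may assume the role"))
            # Condition keys are case-insensitive in IAM.
            equals = (stmt.get("Condition") or {}).get("StringEquals") or {}
            ids = [v for k, val in equals.items()
                   if k.lower() == "sts:externalid" for v in _as_list(val)]
            if ids != [expected_external_id]:
                findings.append((rc["address"],
                                 f"sts:ExternalId is {ids}, expected [{expected_external_id!r}]"))
    return findings

# Constructed sample shaped like `terraform show -json tfplan` output.
def _role(address, statement):
    policy = json.dumps({"Version": "2012-10-17", "Statement": [statement]})
    return {"address": address, "type": "aws_iam_role",
            "change": {"actions": ["create"], "after": {"assume_role_policy": policy}}}

TRUST = {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}  # placeholder account
SAMPLE_PLAN = {"resource_changes": [
    _role("module.drata_autopilot_role.aws_iam_role.example",  # hypothetical address
          {**TRUST, "Condition": {"StringEquals": {"sts:ExternalId": "YOUR_EXTERNAL_ID"}}}),
    _role("aws_iam_role.no_condition", TRUST),
]}

if __name__ == "__main__":
    for address, problem in audit_role_trust(SAMPLE_PLAN, "YOUR_EXTERNAL_ID"):
        print(f"{address}: {problem}")
```

To audit a real plan, pass `json.load()` of the exported file and the External ID copied from Drata; an empty result means every role in the plan carries the expected condition.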