module "role-mdr_terraformer" {
  source = "./modules/saml_linked_role"

  name                  = "mdr_terraformer"
  account_friendly_name = aws_iam_account_alias.alias.account_alias
  path                  = "/user/"
  assume_role_policy    = local.assume_role_policy
  okta_app_id           = data.okta_app.awsapp.id
  max_session_duration  = 28800
}

resource aws_iam_role_policy_attachment "mdr_terraformer-mdr_terraformer" {
  role       = module.role-mdr_terraformer.name
  policy_arn = aws_iam_policy.mdr_terraformer.arn
}