xdr-terraform-modules/submodules/iam/common_services_roles/assume_role_policy-non_saml.tf

data "aws_iam_policy_document" "non_saml_assume_role_policy" {
    statement {
    sid    = "AllowAssumeRoleFromReadOnly"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = [
        "arn:${local.aws_partition}:iam::${local.aws_account}:role/user/mdr_engineer_readonly"
      ]
    }

    actions = [
      "sts:AssumeRole",
    ]
  }
}