Enhanced Monitoring role: Protecting against the confused deputy problem

[hibanka]

AWS recommends using the aws:SourceArn and aws:SourceAccount global condition context keys in a trust policy for Enhanced Monitoring role.

Detailed explanation: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.Enabling.html#USER_Monitoring.OS.confused-deputy

terraform-aws-rds/modules/db_instance/main.tf

Lines 175 to 186 in 22b02b3

	data "aws_iam_policy_document" "enhanced_monitoring" {
	statement {
	actions = [
	"sts:AssumeRole",
	]
	principals {
	type = "Service"
	identifiers = ["monitoring.rds.amazonaws.com"]
	}
	}
	}