Updated the account.hcl files and added an example file to be able to…

[nilsdebruin]

… test the assume role functionality. Updated the documentation as well.

Description

Fixes #000.

TODOs

Read the Gruntwork contribution guidelines.

• [ ] Update the docs.
• [ ] Run the relevant tests successfully, including pre-commit checks.
• [ ] Ensure any 3rd party code adheres with our license policy or delete this line if its not applicable.
• [ ] Include release notes. If this PR is backward incompatible, include a migration guide.

Release Notes (draft)

Added / Removed / Updated [X].

Migration Guide

[tamsky]

Would it be useful to include/document the alternate implementation that uses iam_role within terragrunt.hcl?

That could look something like:

terragrunt.hcl:
----
locals {
  iam_assume_role_for_this_terraform_stack = "arn:aws:iam::...:role/role_name"
  aws_account_id = "a fixed value" # can't use get_aws_account_id()
  
  # If the aws account ID for the current credentials
  # do not match the expected account_id,
  # switch to using an assumed role.
  maybe_iam_role = (get_aws_account_id() != local.aws_account_id) ? local.iam_assume_role_for_this_terraform_root : ""
}

# changing the value of iam_role potentially alters subsequent
# return values from get_aws_account_id():
iam_role = local.maybe_iam_role