[DOCS-11726] Add tabs for US1-FED account types (#31026)

buraizu · web-flow · commit 4970f738b86f · 2025-08-11T15:01:17.000-07:00
* [DOCS-11726] Add tabs for US1-FED account types

* [DOCS-11726] Remove duplicate config
diff --git a/content/en/integrations/guide/aws-terraform-setup.md b/content/en/integrations/guide/aws-terraform-setup.md
@@ -277,19 +277,21 @@ resource "datadog_integration_aws_account" "datadog_integration" {
 {{< /site-region >}}
 
 {{< site-region region="gov" >}}
-2. Set up your Terraform configuration file using the example below as a base template. Ensure to update the following parameters before you apply the changes:
+2. Select the tab for your AWS account type, and then use the example below as a base template to set up your Terraform configuration file. Ensure to update the following parameters before you apply the changes:
    * `AWS_PERMISSIONS_LIST`: The IAM policies needed by Datadog AWS integrations. The current list is available in the [Datadog AWS integration][1] documentation.
    * `AWS_ACCOUNT_ID`: Your AWS account ID.
 
-See the [Terraform Registry][2] for further example usage and the full list of optional parameters, as well as additional Datadog resources.
+{{< tabs >}}
+
+{{% tab "AWS Commercial Cloud" %}}
 
 ```hcl
 data "aws_iam_policy_document" "datadog_aws_integration_assume_role" {
   statement {
     actions = ["sts:AssumeRole"]
     principals {
       type        = "AWS"
-      identifiers = ["arn:aws:iam::065115117704:root"]
+      identifiers = ["arn:aws:iam::392588925713:root"]
     }
     condition {
       test     = "StringEquals"
@@ -357,6 +359,90 @@ resource "datadog_integration_aws_account" "datadog_integration" {
 }
 ```
 
+{{% /tab %}}
+
+{{% tab "AWS GovCloud" %}}
+
+```hcl
+data "aws_iam_policy_document" "datadog_aws_integration_assume_role" {
+  statement {
+    actions = ["sts:AssumeRole"]
+    principals {
+      type        = "AWS"
+      identifiers = ["arn:aws:iam::065115117704:root"]
+    }
+    condition {
+      test     = "StringEquals"
+      variable = "sts:ExternalId"
+      values = [
+        "${datadog_integration_aws_account.datadog_integration.auth_config.aws_auth_config_role.external_id}"
+      ]
+    }
+  }
+}
+
+data "aws_iam_policy_document" "datadog_aws_integration" {
+  statement {
+    actions = [<AWS_PERMISSIONS_LIST>]
+    resources = ["*"]
+  }
+}
+
+resource "aws_iam_policy" "datadog_aws_integration" {
+  name   = "DatadogAWSIntegrationPolicy"
+  policy = data.aws_iam_policy_document.datadog_aws_integration.json
+}
+resource "aws_iam_role" "datadog_aws_integration" {
+  name               = "DatadogIntegrationRole"
+  description        = "Role for Datadog AWS Integration"
+  assume_role_policy = data.aws_iam_policy_document.datadog_aws_integration_assume_role.json
+}
+resource "aws_iam_role_policy_attachment" "datadog_aws_integration" {
+  role       = aws_iam_role.datadog_aws_integration.name
+  policy_arn = aws_iam_policy.datadog_aws_integration.arn
+}
+resource "aws_iam_role_policy_attachment" "datadog_aws_integration_security_audit" {
+  role       = aws_iam_role.datadog_aws_integration.name
+  policy_arn = "arn:aws:iam::aws:policy/SecurityAudit"
+}
+
+resource "datadog_integration_aws_account" "datadog_integration" {
+  account_tags   = []
+  aws_account_id = "<ACCOUNT_ID>"
+  aws_partition  = "aws-us-gov"
+  aws_regions {
+    include_all = true
+  }
+  auth_config {
+    aws_auth_config_role {
+      role_name = "DatadogIntegrationRole"
+    }
+  }
+    resources_config {
+    cloud_security_posture_management_collection = false
+    extended_collection                          = true
+  }
+  traces_config {
+    xray_services {
+    }
+  }
+    logs_config {
+    lambda_forwarder {
+    }
+  }
+  metrics_config {
+    namespace_filters {
+    }
+  }
+}
+```
+
+{{% /tab %}}
+
+{{< /tabs >}}
+
+See the [Terraform Registry][2] for further example usage and the full list of optional parameters, as well as additional Datadog resources.
+
 <div class="alert alert-info"></a><strong>Note</strong>: By default, the above configuration doesn't include Cloud Security. To enable Cloud Security, under <code>resources_config</code>, set <code>cloud_security_posture_management_collection = true</code>.</div>
 
 [1]: /integrations/amazon_web_services/?tab=manual#aws-iam-permissions
