diff --git a/openstack/00-init.tf b/openstack/00-init.tf
index 85fb524..3e82c65 100644
--- a/openstack/00-init.tf
+++ b/openstack/00-init.tf
@@ -21,8 +21,3 @@ variable "cloud" {
   type    = string
   default = ""
 }
-
-variable "heat_domain_id" {
-  type    = string
-  default = ""
-}
diff --git a/openstack/arif-home.tfvars b/openstack/arif-home.tfvars
index fd605d8..d64fd24 100644
--- a/openstack/arif-home.tfvars
+++ b/openstack/arif-home.tfvars
@@ -1,3 +1,2 @@
 cloud = "arif-home"
 domain_id = "3fd5a53e08e243b49ac3b171d57b4e4a"
-heat_domain_id = "cf34d55eaf294678971be7ad732be0d2"
diff --git a/openstack/stsstack_init/01-heat-roles.tf b/openstack/stsstack_init/01-heat-roles.tf
index baed8a5..1c52e06 100644
--- a/openstack/stsstack_init/01-heat-roles.tf
+++ b/openstack/stsstack_init/01-heat-roles.tf
@@ -1,12 +1,19 @@
+resource "openstack_identity_project_v3" "heat_domain" {
+    name          = "heat"
+    description   = "(tf managed) Domain for heat"
+    enabled       = true
+    is_domain     = true
+}
+
 resource "openstack_identity_user_v3" "heat_domain_admin" {
-  domain_id = var.heat_domain_id
+  domain_id = openstack_identity_project_v3.heat_domain.id
   name = "heat_domain_admin"
 
   password = "Ht8NdKTGdpJjRsS4V33tsVW4mSztgZMs" # leader-get heat-domain-admin-passwd
 }
 
 resource "openstack_identity_role_assignment_v3" "heat_admin_role_assignment" {
-  domain_id  = var.heat_domain_id
+  domain_id  = openstack_identity_project_v3.heat_domain.id
   user_id    = openstack_identity_user_v3.heat_domain_admin.id
   role_id    = data.openstack_identity_role_v3.admin.id
 }