From 0107e1bbb4a75a1377a55ebaa1d436a4c7ee2a1f Mon Sep 17 00:00:00 2001
From: Chris Wright
Date: Mon, 20 May 2024 13:19:42 +0100
Subject: [PATCH] Fix cloudtrail role attachment

* Resource needs to be conditional, only created when `enable_cloudtrail` is set
---
 cloudtrail.tf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cloudtrail.tf b/cloudtrail.tf
index fc4031c..241d6d7 100644
--- a/cloudtrail.tf
+++ b/cloudtrail.tf
@@ -85,6 +85,8 @@ resource "aws_iam_policy" "cloudtrail_cloudwatch_logs" {
 }
 
 resource "aws_iam_role_policy_attachment" "cloudtrail_cloudwatch_logs" {
+ count = local.enable_cloudtrail ? 1 : 0
+
 role = aws_iam_role.cloudtrail_cloudwatch_logs[0].name
 policy_arn = aws_iam_policy.cloudtrail_cloudwatch_logs[0].arn
 }
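Review bot: The added `count` on `aws_iam_role_policy_attachment.cloudtrail_cloudwatch_logs` has to stay identical to the `count` on the role and policy it indexes with `[0]`, and nothing in the block records that dependency. Those two resources are defined outside this hunk (only the policy's closing brace is visible), so presumably they already use `local.enable_cloudtrail`; if either later gains a different condition, the `[0]` references fail at plan time. I would add a comment above the new line, `# count must match aws_iam_role.cloudtrail_cloudwatch_logs and aws_iam_policy.cloudtrail_cloudwatch_logs, which are indexed with [0] below`.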