Merge pull request #26 from SPHTech-Platform/fix/error-when-disabled

Ignore policy data source when integration is disabled
SPHTech-Platform · May 29, 2023 · ad7079e · ad7079e
2 parents c54d027 + cf94431
commit ad7079e
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/data.tf b/data.tf
@@ -357,6 +357,8 @@ data "aws_iam_policy_document" "aqua_cspm_custom_trust" {
 }
 
 data "aws_iam_policy_document" "aquahub_sechub_trust" {
+  count = local.enable_security_hub_integration ? 1 : 0
+
   statement {
     effect = "Allow"
 

diff --git a/iam.tf b/iam.tf
@@ -74,7 +74,7 @@ resource "aws_iam_role" "aqua_cspm_sechub" {
   path                 = "/"
   max_session_duration = "3600"
 
-  assume_role_policy = data.aws_iam_policy_document.aquahub_sechub_trust.json
+  assume_role_policy = data.aws_iam_policy_document.aquahub_sechub_trust[0].json
 }
 
 resource "aws_iam_role_policy_attachment" "aqua_cspm_sechub" {