From 34fb90814b2ee0b15a2d83db1d4602f3a4148f77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CSubramanian?= <“smoneyan@gmail.com”>
Date: Mon, 29 May 2023 15:22:14 +0800
Subject: [PATCH] Ignore policy creation when integration is disabled
---
 data.tf | 2 ++
 iam.tf | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/data.tf b/data.tf
index f5a171a..a3d4059 100644
--- a/data.tf
+++ b/data.tf
@@ -357,6 +357,8 @@ data "aws_iam_policy_document" "aqua_cspm_custom_trust" {
 }
 data "aws_iam_policy_document" "aquahub_sechub_trust" {
+ count = local.enable_security_hub_integration ? 1 : 0
+
 statement {
 effect = "Allow"
diff --git a/iam.tf b/iam.tf
index d5fd0f7..fcf6344 100644
--- a/iam.tf
+++ b/iam.tf
@@ -74,7 +74,7 @@ resource "aws_iam_role" "aqua_cspm_sechub" {
 path = "/"
 max_session_duration = "3600"
- assume_role_policy = data.aws_iam_policy_document.aquahub_sechub_trust.json
+ assume_role_policy = data.aws_iam_policy_document.aquahub_sechub_trust[0].json
 }
 resource "aws_iam_role_policy_attachment" "aqua_cspm_sechub" {
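Review bot: The `[0]` index added to `assume_role_policy` in iam.tf only resolves when `data.aws_iam_policy_document.aquahub_sechub_trust` has an instance. With `local.enable_security_hub_integration` false the data source now has count 0, so the plan would fail with an invalid-index error unless `aws_iam_role.aqua_cspm_sechub` is gated by the same condition. The role's opening lines are outside the hunk, so please confirm it carries `count = local.enable_security_hub_integration ? 1 : 0`. The `aws_iam_role_policy_attachment.aqua_cspm_sechub` that follows presumably needs the same gate and an indexed role reference. Keeping the role, its trust document and the attachment under one condition also means no assumable role is left in accounts where the integration is turned off.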