diff --git a/main.tf b/main.tf
index 42dbee0..79694b0 100644
--- a/main.tf
+++ b/main.tf
@@ -83,7 +83,10 @@ resource "aws_iam_user_policy" "cd" {
         Action = [
           "iam:PassRole",
         ]
-        Resource = module.ecsasg.ecsServiceRole_arn
+        Resource = compact([
+          module.ecsasg.ecsServiceRole_arn,
+          var.execution_role_arn,
+        ])
       },
     ]
   })
diff --git a/variables.tf b/variables.tf
index 031ac5c..396dbc9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -288,5 +288,5 @@ variable "execution_role_arn" {
     using Fargate or to reference secrets from SSM Parameter Store.
     EOF
   type        = string
-  default     = null
+  default     = ""
 }