diff --git a/patch-aws-auth/main.tf b/patch-aws-auth/main.tf
index c5e23b7..2411820 100644
--- a/patch-aws-auth/main.tf
+++ b/patch-aws-auth/main.tf
@@ -71,13 +71,13 @@ locals {
   joined_auth_roles = var.aws_auth_roles
 
   mapped_auth_users = [for u in local.joined_auth_users : {
-    userarn      = data.aws_iam_user.auth_users[u.aws_username].arn
+    userarn      = u.aws_username != "" ? data.aws_iam_user.auth_users[u.aws_username].arn : userarn
     aws_username = u.aws_username
     username     = u.username
     groups       = u.groups
   }]
   mapped_auth_roles = [for u in local.joined_auth_roles : {
-    rolearn      = data.aws_iam_role.auth_roles[u.aws_rolename].arn
+    rolearn      = u.aws_rolename != "" ? data.aws_iam_role.auth_roles[u.aws_rolename].arn : rolearn
     aws_rolename = u.aws_rolename
     username     = u.username
     groups       = u.groups