diff --git a/main.tf b/main.tf
index 84b0001..f650705 100644
--- a/main.tf
+++ b/main.tf
@@ -108,6 +108,7 @@ resource "aws_iam_role_policy_attachment" "role" {
 }
 data "template_file" "role" {
+ count = local.enable_ldap ? 1 : 0
 template = file("${path.module}/templates/iam-role-ldif.${local.account_environment}.tpl")
 vars = {
 role_name = aws_iam_role.role.name
@@ -124,7 +125,7 @@ resource "null_resource" "role_ldif" {
 command = "test -d ${path.root}/setup || mkdir ${path.root}/setup"
 }
 provisioner "local-exec" {
- command = "echo '${data.template_file.role.rendered}' > ${path.root}/setup/${aws_iam_role.role.name}.ldif"
+ command = "echo '${data.template_file.role[0].rendered}' > ${path.root}/setup/${aws_iam_role.role.name}.ldif"
 }
 provisioner "local-exec" {
 command = "echo 'Once complete, execute tf-apply again to create LDAP group'"
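Review bot: The `data "template_file" "role"` block that gains the `count` line depends on the hashicorp/template provider, which is archived and no longer receives updates. The file already uses 0.12-style expressions, so the built-in `templatefile()` function can render the same template without that provider. A local such as `role_ldif = local.enable_ldap ? templatefile("${path.module}/templates/iam-role-ldif.${local.account_environment}.tpl", { role_name = aws_iam_role.role.name }) : ""` would also make the added `count` and the `[0]` index in the second hunk unnecessary. The `vars` map continues outside the hunk, so any further variables would have to be carried over into that call.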
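Review bot: The changed `command` line still splices the rendered LDIF into a single-quoted shell string, so a single quote in any template variable ends the quoting and the rest of the text is interpreted by the shell on the machine running Terraform. Passing the content and the target path through the provisioner's `environment` map and writing them with `printf` keeps the data out of the command text, as sketched below; a `local_file` resource would be an alternative. Separately, `data.template_file.role[0]` is an invalid index when `local.enable_ldap` is false. The header of `null_resource.role_ldif` lies outside the hunk, so please confirm it carries the same `count = local.enable_ldap ? 1 : 0` gate.

```hcl
# … unchanged: setup-directory provisioner …
provisioner "local-exec" {
  # Variable names are illustrative; the values never become part of the shell command text.
  command = "printf '%s\\n' \"$ROLE_LDIF\" > \"$LDIF_PATH\""
  environment = {
    ROLE_LDIF = data.template_file.role[0].rendered
    LDIF_PATH = "${path.root}/setup/${aws_iam_role.role.name}.ldif"
  }
}
# … unchanged: reminder provisioner …
```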