From 639a5cd92730a01eeb713893c916d3802ef41d8a Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 2 Apr 2021 09:25:08 -0400
Subject: [PATCH] enable template_file.role only for when ldap enabled
---
 main.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 84b0001..f650705 100644
--- a/main.tf
+++ b/main.tf
@@ -108,6 +108,7 @@ resource "aws_iam_role_policy_attachment" "role" {
 }

 data "template_file" "role" {
+ count = local.enable_ldap ? 1 : 0
 template = file("${path.module}/templates/iam-role-ldif.${local.account_environment}.tpl")
 vars = {
 role_name = aws_iam_role.role.name
@@ -124,7 +125,7 @@ resource "null_resource" "role_ldif" {
 command = "test -d ${path.root}/setup || mkdir ${path.root}/setup"
 }
 provisioner "local-exec" {
- command = "echo '${data.template_file.role.rendered}' > ${path.root}/setup/${aws_iam_role.role.name}.ldif"
+ command = "echo '${data.template_file.role[0].rendered}' > ${path.root}/setup/${aws_iam_role.role.name}.ldif"
 }
 provisioner "local-exec" {
 command = "echo 'Once complete, execute tf-apply again to create LDAP group'"
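Review bot: The `count` added to `data.template_file.role` is not visibly mirrored on its consumer. `null_resource.role_ldif` in the second hunk reads `role[0]`, which is an invalid index whenever `local.enable_ldap` is false, unless that resource carries the same gate outside the hunk. If it does not, add `count = local.enable_ldap ? 1 : 0` to `null_resource.role_ldif` too, so the LDIF steps are skipped rather than failing the plan. The data block ends outside this hunk and the `null_resource` header is only visible as hunk context, so this needs checking against the full file.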
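Review bot: The changed `command` still splices the rendered LDIF into a single-quoted shell string, so a single quote anywhere in the template output or its variables ends the quoting and the rest is interpreted by the local shell. Writing the file without a shell avoids this, for example a `local_file` resource with `content = data.template_file.role[0].rendered` and `filename = "${path.root}/setup/${aws_iam_role.role.name}.ldif"`, at the cost of adding the `local` provider. Alternatively, pass the text through the provisioner's `environment` map and expand it as a double-quoted variable in the command. The `null_resource` block begins and ends outside the hunk, so whether other provisioners there repeat the pattern cannot be seen from here.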