update

terraform-modules · Jul 29, 2025 · 6b54843 · 6b54843
1 parent dd56c80
commit 6b54843
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 5 deletions.
diff --git a/rolesanywhere/README.md b/rolesanywhere/README.md
@@ -111,7 +111,7 @@ module "myrole3" {
 | <a name="input_managed_policy_arns"></a> [managed\_policy\_arns](#input\_managed\_policy\_arns) | List of IAM Managed Policy ARNs to attach to this role | `list(string)` | `[]` | no |
 | <a name="input_max_session_duration"></a> [max\_session\_duration](#input\_max\_session\_duration) | Override the maximum session duration from the default (3600) | `number` | `3600` | no |
 | <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component (role, policy). This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
-| <a name="input_role_description"></a> [role\_description](#input\_role\_description) | Role/application description | `string` | `""` | no |
+| <a name="input_role_description"></a> [role\_description](#input\_role\_description) | Role/application description | `string` | `null` | no |
 | <a name="input_role_name"></a> [role\_name](#input\_role\_name) | Role/application name without prefix | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
 | <a name="input_validity_days"></a> [validity\_days](#input\_validity\_days) | Number of days for which the certificate is valid (default: 365, max: 365) | `number` | `365` | no |

diff --git a/rolesanywhere/aws_config.tf b/rolesanywhere/aws_config.tf
@@ -8,6 +8,6 @@ resource "local_file" "aws_config_file" {
     role_arn         = aws_iam_role.role.arn
     trust_anchor_arn = local.this_trust_arn
     profile_arn      = aws_rolesanywhere_profile.role.arn
-    region           = var.region
+    region           = local.region
   })
 }
diff --git a/rolesanywhere/certificate.tf b/rolesanywhere/certificate.tf
@@ -8,7 +8,7 @@ module "certificate" {
 }
 
 locals {
-  this_trust_arn = try(([for k, v in local.trust_ca[var.region] : v if v.ca_name == module.certificate.certificate_authority_name])[0].trust_arn, null)
+  this_trust_arn = try(([for k, v in local.trust_ca[local.region] : v if v.ca_name == module.certificate.certificate_authority_name])[0].trust_arn, null)
 }
 
 ## output "certificate_subject" {

diff --git a/rolesanywhere/main.tf b/rolesanywhere/main.tf
@@ -72,5 +72,5 @@ locals {
   account_alias       = var.account_alias != "" && var.account_alias != null ? var.account_alias : "none"
 
   role_name        = format("%v%v", lookup(local._prefixes, "role", ""), var.role_name)
-  role_description = var.role_description == "" ? format("%vRole for %v", local.saml_string, var.role_name) : var.role_description
+  role_description = var.role_description == null ? var.role_name : var.role_description
 }
diff --git a/rolesanywhere/variables.tf b/rolesanywhere/variables.tf
@@ -6,7 +6,7 @@ variable "role_name" {
 variable "role_description" {
   description = "Role/application description"
   type        = string
-  default     = ""
+  default     = null
 }
 
 variable "assume_policy_document" {