- iam-general-policies

- update cloudforms_ami to empty in EW (as we have no keys defined)
terraform-modules · May 22, 2023 · 08fa58b · 08fa58b
1 parent 480fa41
commit 08fa58b
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -264,3 +264,7 @@
 * 2.4.1 -- 2023-05-08
   - terraform-organzation-info-role
     - new role to allow remote account to read org data for sharing purposes
+
+* 2.4.2 -- 2023-05-22
+  - iam-general-policies
+    - update cloudforms_ami to empty in EW (as we have no keys defined)
diff --git a/common/version.tf b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "2.4.1"
+  _module_version = "2.4.2"
 }
diff --git a/iam-general-policies/README.md b/iam-general-policies/README.md
@@ -115,6 +115,7 @@ No modules.
 | [aws_iam_policy_document.deny_billing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.deny_readonly_data](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.ec2_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.empty](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.full_billing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.ip_restriction](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.lambda_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

diff --git a/iam-general-policies/custom_policies.tf b/iam-general-policies/custom_policies.tf
@@ -67,7 +67,7 @@ locals {
       name          = "cloudforms-shared-ami"
       path          = "/"
       description   = "Policy for INF CSVD CloudForms Access shared AMIs"
-      policy        = data.aws_iam_policy_document.cloudforms_ami.json
+      policy        = length(local.cloudforms_ami_kms_keys[data.aws_arn.current.partition]) > 0 ? data.aws_iam_policy_document.cloudforms_ami.json : data.aws_iam_policy_document.empty.json
       create_policy = true
     }
 

diff --git a/iam-general-policies/policy.cloudforms.tf b/iam-general-policies/policy.cloudforms.tf
@@ -164,3 +164,5 @@ data "aws_iam_policy_document" "cloudforms_ami" {
     }
   }
 }
+
+data "aws_iam_policy_document" "empty" {}