diff --git a/CHANGELOG.md b/CHANGELOG.md
index dd0c854..43ec1ac 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -264,3 +264,7 @@
 * 2.4.1 -- 2023-05-08
 - terraform-organzation-info-role
 - new role to allow remote account to read org data for sharing purposes
+
+* 2.4.2 -- 2023-05-22
+ - iam-general-policies
+ - update cloudforms_ami to empty in EW (as we have no keys defined)
diff --git a/common/version.tf b/common/version.tf
index 183f689..930d737 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "2.4.1"
+ _module_version = "2.4.2"
 }
diff --git a/iam-general-policies/README.md b/iam-general-policies/README.md
index b5b9670..017f8d4 100644
--- a/iam-general-policies/README.md
+++ b/iam-general-policies/README.md
@@ -115,6 +115,7 @@ No modules.
 | [aws_iam_policy_document.deny_billing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.deny_readonly_data](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.ec2_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.empty](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.full_billing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.ip_restriction](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.lambda_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
diff --git a/iam-general-policies/custom_policies.tf b/iam-general-policies/custom_policies.tf
index 3a3f63e..cd425fd 100644
--- a/iam-general-policies/custom_policies.tf
+++ b/iam-general-policies/custom_policies.tf
@@ -67,7 +67,7 @@ locals {
 name = "cloudforms-shared-ami"
 path = "/"
 description = "Policy for INF CSVD CloudForms Access shared AMIs"
- policy = data.aws_iam_policy_document.cloudforms_ami.json
+ policy = length(local.cloudforms_ami_kms_keys[data.aws_arn.current.partition]) > 0 ? data.aws_iam_policy_document.cloudforms_ami.json : data.aws_iam_policy_document.empty.json
 create_policy = true
 }
diff --git a/iam-general-policies/policy.cloudforms.tf b/iam-general-policies/policy.cloudforms.tf
index dc0920b..d3f14d2 100644
--- a/iam-general-policies/policy.cloudforms.tf
+++ b/iam-general-policies/policy.cloudforms.tf
@@ -164,3 +164,5 @@ data "aws_iam_policy_document" "cloudforms_ami" {
 }
 }
 }
+
+data "aws_iam_policy_document" "empty" {}
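Review bot: In the custom_policies.tf hunk, `create_policy = true` stays unconditional right below the new `policy` ternary, so a partition with no KMS keys still asks for a managed policy built from the statement-less `empty` document. IAM's policy grammar requires a Statement element, so unless the resource that consumes this entry (outside the hunk) skips it, the apply may be rejected as malformed instead of cleanly omitting the policy. Gating creation on the same test would avoid that: `create_policy = length(local.cloudforms_ami_kms_keys[data.aws_arn.current.partition]) > 0`. The direct index also fails when the partition has no entry in the map, which is defined outside this hunk, so it is worth confirming every partition is present or wrapping the lookup in `try(..., [])`. The enclosing `locals` block starts and ends outside the hunk.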
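Review bot: The new `data "aws_iam_policy_document" "empty" {}` at the end of policy.cloudforms.tf has no comment saying what it is for, and its generic name invites reuse elsewhere in the module. I would add a comment above it such as `# Placeholder document with no statements; selected in custom_policies.tf when the current partition has no CloudForms AMI KMS keys, and grants nothing.` The `cloudforms_ami` document whose closing braces are the context lines starts outside the hunk, so whether it still renders with an empty key list cannot be checked from here.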