diff --git a/iam-saml/main.tf b/iam-saml/main.tf
index 7f5bf73..7562ba5 100644
--- a/iam-saml/main.tf
+++ b/iam-saml/main.tf
@@ -39,7 +39,7 @@ locals {
   saml_ew_url               = "https://signin.aws.amazon.com/saml"
   saml_gov_url              = "https://signin.amazonaws-us-gov.com/saml"
   saml_url                  = local.account_environment == "gov" ? local.saml_gov_url : local.saml_ew_url
-  saml_metadata_file        = file("${path.root}/setup/metadata.xml")
+  saml_metadata_file        = "${path.root}/setup/metadata.xml"
   saml_metadata_file_exists = fileexists(local.saml_metadata_file)
 
   base_tags = {
@@ -65,7 +65,7 @@ resource "null_resource" "saml_metadata" {
 resource "aws_iam_saml_provider" "saml" {
   count                  = local.saml_metadata_file_exists ? 1 : 0
   name                   = var.saml_provider_name
-  saml_metadata_document = local.saml_metadata_file_exists ? local.saml_metadata_file : ""
+  saml_metadata_document = local.saml_metadata_file_exists ? file(local.saml_metadata_file) : ""
   depends_on             = [null_resource.saml_metadata]
 
   # when the provider supports tags, enable this section