fix

terraform-modules · Nov 23, 2021 · 6472786 · 6472786
1 parent d51267b
commit 6472786
Showing 1 changed file with 11 additions and 8 deletions.
diff --git a/cloudtrail-key/main.tf b/cloudtrail-key/main.tf
@@ -204,14 +204,17 @@ data "aws_iam_policy_document" "key_orig" {
 }
 
 data "aws_iam_policy_document" "key_admin" {
-  statement {
-    sid       = "BuiltinKMSAdminRoles"
-    effect    = "Allow"
-    actions   = ["kms:*"]
-    resources = ["*"]
-    principals {
-      type        = "AWS"
-      identifiers = local.kms_admin_roles
+  dynamic "statement" {
+    for_each = length(local.kms_admin_roles) > 0 ? [1] : []
+    content {
+      sid       = "BuiltinKMSAdminRoles"
+      effect    = "Allow"
+      actions   = ["kms:*"]
+      resources = ["*"]
+      principals {
+        type        = "AWS"
+        identifiers = local.kms_admin_roles
+      }
     }
   }
 }