From 6472786954658756cb9cdfdaff28d4765e57fb51 Mon Sep 17 00:00:00 2001
From: badra001 <donald.e.badrak.ii@census.gov>
Date: Tue, 23 Nov 2021 13:38:40 -0500
Subject: [PATCH] fix

---
 cloudtrail-key/main.tf | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/cloudtrail-key/main.tf b/cloudtrail-key/main.tf
index dc888d7..00f070a 100644
--- a/cloudtrail-key/main.tf
+++ b/cloudtrail-key/main.tf
@@ -204,14 +204,17 @@ data "aws_iam_policy_document" "key_orig" {
 }
 
 data "aws_iam_policy_document" "key_admin" {
-  statement {
-    sid       = "BuiltinKMSAdminRoles"
-    effect    = "Allow"
-    actions   = ["kms:*"]
-    resources = ["*"]
-    principals {
-      type        = "AWS"
-      identifiers = local.kms_admin_roles
+  dynamic "statement" {
+    for_each = length(local.kms_admin_roles) > 0 ? [1] : []
+    content {
+      sid       = "BuiltinKMSAdminRoles"
+      effect    = "Allow"
+      actions   = ["kms:*"]
+      resources = ["*"]
+      principals {
+        type        = "AWS"
+        identifiers = local.kms_admin_roles
+      }
     }
   }
 }