diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2de7a47..41e49f0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -416,3 +416,7 @@
 * 2.12.2 -- 2025-08-25
   - terraform-state
     - add output: tfstate_dynamodb_table_name
+
+* 2.12.3 -- 2025-08-27
+  - terraform-state
+    - remove role creation for application_mode
diff --git a/common/version.tf b/common/version.tf
index bacb8be..a57a420 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "2.12.2"
+  _module_version = "2.12.3"
 }
diff --git a/terraform-state/role.tf b/terraform-state/role.tf
index 18a3735..368db06 100644
--- a/terraform-state/role.tf
+++ b/terraform-state/role.tf
@@ -15,6 +15,7 @@ data "aws_iam_policy" "role_managed_policies" {
 }
 
 resource "aws_iam_role" "role" {
+  count                 = var.application_mode ? 0 : 1
   name                  = local.role_name
   description           = local.role_description
   force_detach_policies = local._defaults["force_detach_policies"]
@@ -38,13 +39,13 @@ resource "aws_iam_role" "role" {
     local.base_tags,
     var.tags,
     lookup(var.component_tags, "role", {}),
-    tomap({ Name = local.role_name })
+    { Name = local.role_name },
   )
 }
 
 resource "aws_iam_role_policy_attachment" "role" {
   for_each   = !var.application_mode ? { for p in local.role_managed_policies : p => p } : {}
-  role       = aws_iam_role.role.name
+  role       = !var.application_mode ? aws_iam_role.role[0].name : null
   policy_arn = each.value
 }