diff --git a/cloudtrail/sns.tf b/cloudtrail/sns.tf
index 2a49760..194a93c 100644
--- a/cloudtrail/sns.tf
+++ b/cloudtrail/sns.tf
@@ -40,7 +40,7 @@ data "aws_iam_policy_document" "cloudtrail_topic" {
       variable = "AWS:SourceOwner"
       values   = [local.account_id]
     }
-    resources = [var.enable_sns ? aws_sns_topic.cloudtrail[0].arn : null]
+    resources = [var.enable_sns ? aws_sns_topic.cloudtrail[0].arn : ""]
   }
   statement {
     sid    = "CloudTrailSNSPolicy"
@@ -50,6 +50,6 @@ data "aws_iam_policy_document" "cloudtrail_topic" {
       identifiers = ["cloudtrail.amazonaws.com"]
     }
     actions   = ["sns:Publish"]
-    resources = [var.enable_sns ? aws_sns_topic.cloudtrail[0].arn : null]
+    resources = [var.enable_sns ? aws_sns_topic.cloudtrail[0].arn : ""]
   }
 }
diff --git a/cloudtrail/sqs.tf b/cloudtrail/sqs.tf
index 25ee60a..42f2442 100644
--- a/cloudtrail/sqs.tf
+++ b/cloudtrail/sqs.tf
@@ -30,7 +30,7 @@ data "aws_iam_policy_document" "cloudtrail_deadletter" {
     sid       = "AllowSNSSendMessage"
     effect    = "Allow"
     actions   = ["SQS:SendMessage"]
-    resources = [var.enable_sqs ? aws_sqs_queue.cloudtrail_deadletter[0].arn : null]
+    resources = [var.enable_sqs ? aws_sqs_queue.cloudtrail_deadletter[0].arn : ""]
     principals {
       type        = "AWS"
       identifiers = ["*"]
@@ -38,7 +38,7 @@ data "aws_iam_policy_document" "cloudtrail_deadletter" {
     condition {
       test     = "ArnEquals"
       variable = "aws:SourceArn"
-      values   = [var.enable_sns ? aws_sns_topic.cloudtrail[0].arn : null]
+      values   = [var.enable_sns ? aws_sns_topic.cloudtrail[0].arn : ""]
     }
   }
 }
@@ -80,7 +80,7 @@ data "aws_iam_policy_document" "cloudtrail_sqs" {
     sid       = "AllowSNSSendMessage"
     effect    = "Allow"
     actions   = ["SQS:SendMessage"]
-    resources = [var.enable_sqs ? aws_sqs_queue.cloudtrail[0].arn : null]
+    resources = [var.enable_sqs ? aws_sqs_queue.cloudtrail[0].arn : ""]
     principals {
       type        = "AWS"
       identifiers = ["*"]
@@ -88,7 +88,7 @@ data "aws_iam_policy_document" "cloudtrail_sqs" {
     condition {
       test     = "ArnEquals"
       variable = "aws:SourceArn"
-      values   = [var.enable_sns ? aws_sns_topic.cloudtrail[0].arn : null]
+      values   = [var.enable_sns ? aws_sns_topic.cloudtrail[0].arn : ""]
     }
   }
 }