From 75abdc35127b8e3a1ed0551126392e41bc5950f2 Mon Sep 17 00:00:00 2001
From: badra001
Date: Wed, 25 May 2022 16:10:13 -0400
Subject: [PATCH] update statemetns to chec for create first
---
 CHANGELOG.md | 24 ++++++++++++++++++++++++
 CHANGES.md | 15 ---------------
 main.tf | 6 +++---
 outputs.tf | 8 ++++----
 version.tf | 2 +-
 5 files changed, 32 insertions(+), 23 deletions(-)
 create mode 100644 CHANGELOG.md
 delete mode 100644 CHANGES.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..7257d09
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,24 @@
+# aws-security-audit
+
+## version 1.x
+
+* 1.0.0 tag initial release
+
+## version 2.x
+
+* 2.0.0 terraform 0.12 support
+
+* 2.0.1 add contact, reference
+
+* 2.1.0 -- 20210429
+ - add additional_policies feature
+ - add pre-commit hooks
+
+* 2.1.1 -- 20210614
+ - add terraform tags
+
+* 2.1.2 -- 20210614
+ - change to attach policies ia for_each
+
+* 2.1.3 -- 2022-05-25
+ - update statements to check for create first
diff --git a/CHANGES.md b/CHANGES.md
deleted file mode 100644
index 844d879..0000000
--- a/CHANGES.md
+++ /dev/null
@@ -1,15 +0,0 @@
-* v1.0.0 tag initial release
-
-* v2.0.0 terraform 0.12 support
-
-* v2.0.1 add contact, reference
-
-* v2.1.0 -- 20210429
- - add additional_policies feature
- - add pre-commit hooks
-
-* v2.1.1 -- 20210614
- - add terraform tags
-
-* v2.1.2 -- 20210614
- - change to attach policies via for_each
diff --git a/main.tf b/main.tf
index 8af1e98..bd8c6de 100644
--- a/main.tf
+++ b/main.tf
@@ -152,8 +152,8 @@ resource "aws_iam_access_key" "audit" {
 resource "null_resource" "audit_output" {
 count = length(var.users)
 triggers = {
- user = element(aws_iam_user.audit[*].name, count.index)
- aws_access_key_id = element(local.aws_access_key_id, count.index)
- aws_secret_access_key = element(local.aws_secret_access_key, count.index)
+ user = var.create_access_keys ? element(aws_iam_user.audit[*].name, count.index) : null
+ aws_access_key_id = var.create_access_keys ? element(local.aws_access_key_id, count.index) : null
+ aws_secret_access_key = var.create_access_keys ? element(local.aws_secret_access_key, count.index) : null
 }
 }
diff --git a/outputs.tf b/outputs.tf
index acf754d..a6db385 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,11 +1,11 @@
 output "user" {
 description = "Users created"
- value = aws_iam_user.audit[*].name
+ value = var.create_access_keys ? aws_iam_user.audit[*].name : []
 }
 output "aws_access_key_id" {
 description = "Access Key IDs for Users"
- value = aws_iam_access_key.audit[*].id
+ value = var.create_access_keys ? aws_iam_access_key.audit[*].id : []
 }
 locals {
@@ -19,10 +19,10 @@ locals {
 output "aws_secret_access_key" {
 description = "Access Secret Key IDs for Users"
 # value = [split(",", local.secret)]
- value = aws_iam_access_key.audit[*].encrypted_secret
+ value = var.create_access_keys ? aws_iam_access_key.audit[*].encrypted_secret : []
 }
 output "aws_info" {
 description = "Access key, secret, and user map output"
- value = null_resource.audit_output[*].triggers
+ value = var.create_access_keys ? null_resource.audit_output[*].triggers : {}
 }
diff --git a/version.tf b/version.tf
index 4955ed1..e489cd7 100644
--- a/version.tf
+++ b/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "2.1.2"
+ _module_version = "2.1.3"
 }
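Review bot: In main.tf, `null_resource.audit_output` keeps `count = length(var.users)` while its three triggers become `null` when `var.create_access_keys` is false, so one placeholder resource per user is still created and tracked in state with empty triggers. Gating the resource itself is simpler and lets the `aws_info` splat come back empty on its own: `count = var.create_access_keys ? length(var.users) : 0`. Separately, trigger values are written to the state file as given, so if `local.aws_secret_access_key` (defined outside this hunk) ever carries the plaintext `secret` rather than `encrypted_secret`, the key is readable by anyone with state access. A comment on that trigger such as `# must be the encrypted_secret value; triggers are persisted in state` would make the constraint visible to the next editor.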
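Review bot: In outputs.tf, the `user` output is now emptied whenever `var.create_access_keys` is false, yet nothing in this patch shows `aws_iam_user.audit` depending on that variable. If the users are still created without keys, anything that inventories the audit accounts from this output will report none while the IAM users exist. Unless user creation is gated on the same variable elsewhere in main.tf, keep `value = aws_iam_user.audit[*].name` and gate only the key outputs.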
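Review bot: In the `aws_info` output of outputs.tf the two branches of the conditional have different types: `null_resource.audit_output[*].triggers` is a list of maps, while the fallback is the empty object `{}`. Terraform is likely to reject this as inconsistent conditional result types; `: []` would match the other outputs in this file. `aws_secret_access_key` and `aws_info` both carry key material (the former in encrypted form) and neither declares `sensitive = true`, so their values are printed by `terraform output` and can land in CI logs. Adding `sensitive = true` to both keeps them out of console output, though they still remain in state.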