From 9b84c2c09d31b4bad09370a018cf2de4c0175b0c Mon Sep 17 00:00:00 2001 From: Brett Delle Grazie Date: Wed, 5 Jul 2023 10:20:54 +0200 Subject: [PATCH] fix: Avoid invalid-index when controllers disabled When emrcontainers or step function capabilties were disabled, Terraform would try to assign the associated policy. The policy doesn't exist because that component is disabled. As a test, an all controllers disabled module has been added to the example. fixes: #43 --- main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index a928388..7b804f3 100644 --- a/main.tf +++ b/main.tf @@ -589,7 +589,7 @@ module "emrcontainers" { role_permissions_boundary_arn = lookup(var.emrcontainers, "role_permissions_boundary_arn", null) role_description = try(var.emrcontainers.role_description, "IRSA for emrcontainers controller for ACK") role_policies = lookup(var.emrcontainers, "role_policies", { - AmazonEmrContainers = aws_iam_policy.emrcontainers[0].arn + AmazonEmrContainers = var.enable_emrcontainers ? aws_iam_policy.emrcontainers[0].arn : null }) create_policy = try(var.emrcontainers.create_policy, false) @@ -701,7 +701,7 @@ module "sfn" { source = "aws-ia/eks-blueprints-addon/aws" version = "1.1.0" - create = var.enable_emrcontainers + create = var.enable_sfn # public.ecr.aws/aws-controllers-k8s/sfn_name-chart:1.0.2 name = try(var.sfn.name, local.sfn_name) @@ -770,7 +770,7 @@ module "sfn" { role_description = try(var.sfn.role_description, "IRSA for sfn controller for ACK") role_policies = lookup(var.sfn, "role_policies", { AWSStepFunctionsFullAccess = "${local.iam_role_policy_prefix}/AWSStepFunctionsFullAccess" - AWSStepFunctionsIamPassRole = aws_iam_policy.sfnpasspolicy[0].arn + AWSStepFunctionsIamPassRole = var.enable_sfn ? aws_iam_policy.sfnpasspolicy[0].arn : null }) create_policy = try(var.sfn.create_policy, false)