diff --git a/roles/aws/aws_iam_role/tasks/main.yml b/roles/aws/aws_iam_role/tasks/main.yml
index 27afb6e02..f6e8842e1 100644
--- a/roles/aws/aws_iam_role/tasks/main.yml
+++ b/roles/aws/aws_iam_role/tasks/main.yml
@@ -21,10 +21,20 @@
 _combined_policies: "{{ aws_iam_role.managed_policies }}"
 when: inline_policies.action is not defined or inline_policies.action == 0
+- name: Check if policy document file exists.
+ ansible.builtin.stat:
+ path: "{{ aws_iam_role.policy_document + '_document_policy.json' }}"
+ register: policy_file_stat
+
+- name: Fail if the assume role policy document file does not exist.
+ ansible.builtin.fail:
+ msg: "The assume role policy document file '{{ aws_iam_role.policy_document + '_document_policy.json' }}' does not exist."
+ when: not policy_file_stat.stat.exists
+
 - name: Create assume role policy document if predefined string is passed.
 ansible.builtin.set_fact:
 _assume_role_policy: "{{ lookup('file', aws_iam_role.policy_document + '_document_policy.json') }}"
- when: aws_iam_role.policy_document | type_debug == 'string'
+ when: aws_iam_role.policy_document | type_debug == 'string' and policy_file_stat.stat.exists
 - name: Create assume role policy document if template is provided.
 ansible.builtin.set_fact:
diff --git a/roles/debian/varnish_config/tasks/main.yml b/roles/debian/varnish_config/tasks/main.yml
index ace30d274..3e9c69011 100644
--- a/roles/debian/varnish_config/tasks/main.yml
+++ b/roles/debian/varnish_config/tasks/main.yml
@@ -20,5 +20,4 @@
 notify:
 - reload systemd
 - restart varnish - # TO DO: add varnish to unattended upgrades
diff --git a/roles/debian/wazuh/defaults/main.yml b/roles/debian/wazuh/defaults/main.yml
index c98a57e03..c1468b95e 100644
--- a/roles/debian/wazuh/defaults/main.yml
+++ b/roles/debian/wazuh/defaults/main.yml
@@ -102,6 +102,7 @@ wazuh:
 timeout: 3600
 authd:
 enabled: false
+ use_password: false
 wazuh_manager_globals:
 - '1.1.1.1'
 agent_groups: [] # maps to `groups` string in agent config above 
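Review bot: The new `ansible.builtin.stat` task checks the filesystem of the target host, while the `lookup('file', …)` it is meant to guard reads on the controller, so the existence check runs in the wrong place (and a relative path is resolved against the remote user's working directory rather than the role's `files/` search path); on a target that does not carry the file, the new `fail` task aborts a run that would otherwise have succeeded. Both new tasks also run unconditionally, so in the template case handled by the following task (whose body continues outside the hunk) the `aws_iam_role.policy_document + '_document_policy.json'` concatenation is evaluated before any type check and will presumably error if `policy_document` is not a string there. Guard both tasks with the same `type_debug == 'string'` test the role already uses and delegate the `stat` to the controller, as below; the modified `when:` on the `set_fact` task can stay, since `and` short-circuits when the type test is false. A `lookup('first_found', [...], errors='ignore')` would search the same paths as the `file` lookup and avoid the relative-path question entirely.

```yaml
- name: Check if policy document file exists.
  ansible.builtin.stat:
    path: "{{ aws_iam_role.policy_document + '_document_policy.json' }}"
  register: policy_file_stat
  delegate_to: localhost
  when: aws_iam_role.policy_document | type_debug == 'string'

- name: Fail if the assume role policy document file does not exist.
  ansible.builtin.fail:
    msg: "The assume role policy document file '{{ aws_iam_role.policy_document + '_document_policy.json' }}' does not exist."
  when:
    - aws_iam_role.policy_document | type_debug == 'string'
    - not policy_file_stat.stat.exists

# … unchanged: set_fact tasks for the string and template cases …
```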
diff --git a/roles/debian/wazuh/tasks/main.yml b/roles/debian/wazuh/tasks/main.yml
index 59a3711b7..acdeaea9d 100644
--- a/roles/debian/wazuh/tasks/main.yml
+++ b/roles/debian/wazuh/tasks/main.yml
@@ -132,3 +132,29 @@
 name: filebeat
 state: restarted
 when: filebeat_exists
+
+- name: Check if wazuh-manager service exists
+ ansible.builtin.systemd:
+ name: wazuh-manager
+ register: wazuh_service
+ ignore_errors: true
+
+- name: Generate random password
+ ansible.builtin.set_fact:
+ authd_password: "{{ lookup('password', '/dev/null length=32') }}"
+ when: not wazuh_service.failed | default(true)
+
+- name: Write the password to /var/ossec/etc/authd.pass
+ ansible.builtin.copy:
+ dest: /var/ossec/etc/authd.pass
+ content: "{{ authd_password }}"
+ mode: '0640'
+ owner: root
+ group: wazuh
+ when: not wazuh_service.failed | default(true)
+
+- name: Restart wazuh-manager to apply changes
+ ansible.builtin.systemd:
+ name: wazuh-manager
+ state: restarted
+ when: not wazuh_service.failed | default(true)
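Review bot: The three new tasks run whenever wazuh-manager is present, ignoring the `use_password: false` default this same commit adds, and they are not idempotent: `lookup('password', '/dev/null length=32')` yields a fresh value on every run, so `/var/ossec/etc/authd.pass` is rewritten and wazuh-manager restarted on each play, invalidating the enrollment password any agent was given by the previous run. The generated secret also appears in task output, because neither the `set_fact` nor the `copy` task sets `no_log: true`. Gate the tasks on the new flag (assuming `authd` sits directly under `wazuh`, as the defaults hunk suggests), keep an existing password with `force: false`, and restart only when the file actually changed, as below. Separately, calling `ansible.builtin.systemd` with only `name:` may itself error (the module normally requires one of `state`, `enabled`, `masked` or `daemon_reload`), in which case `wazuh_service.failed` is always true and these tasks never run; `ansible.builtin.service_facts` or a `stat` on the unit file is a safer existence test.

```yaml
# … unchanged: service existence check …

- name: Generate random password
  ansible.builtin.set_fact:
    authd_password: "{{ lookup('password', '/dev/null length=32') }}"
  no_log: true
  when:
    - wazuh.authd.use_password | default(false)
    - not wazuh_service.failed | default(true)

- name: Write the password to /var/ossec/etc/authd.pass
  ansible.builtin.copy:
    dest: /var/ossec/etc/authd.pass
    content: "{{ authd_password }}"
    mode: '0640'
    owner: root
    group: wazuh
    force: false  # keep an existing enrollment password; a new one strands agents holding the old one
  no_log: true
  register: authd_pass_file
  when:
    - wazuh.authd.use_password | default(false)
    - not wazuh_service.failed | default(true)

- name: Restart wazuh-manager to apply changes
  ansible.builtin.systemd:
    name: wazuh-manager
    state: restarted
  when: authd_pass_file is changed
```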