From bd01c53ac0cdfa8ee692c753c0b3afe4351839dd Mon Sep 17 00:00:00 2001
From: lorenzo merici
Date: Thu, 31 Jul 2025 10:34:31 +0200
Subject: [PATCH] add support to empty kms key
---
 modules/integrations/cloud-logs/main.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/integrations/cloud-logs/main.tf b/modules/integrations/cloud-logs/main.tf
index 4d2b0cf..a2f45f8 100644
--- a/modules/integrations/cloud-logs/main.tf
+++ b/modules/integrations/cloud-logs/main.tf
@@ -69,8 +69,8 @@ locals {
 is_cross_account = var.bucket_account_id != null && var.bucket_account_id != data.aws_caller_identity.current.account_id
 # KMS variables
- kms_account_id = split(":", var.kms_key_arn)[3]
- need_kms_policy = var.bucket_account_id != null && var.bucket_account_id != local.kms_account_id
+ kms_account_id = var.kms_key_arn != null && var.kms_key_arn != "" ? split(":", var.kms_key_arn)[3] : null
+ need_kms_policy = var.bucket_account_id != null && local.kms_account_id != null && var.bucket_account_id != local.kms_account_id
 # Role variables
 role_name = split("/", var.role_arn)[1]
@@ -152,7 +152,7 @@ data "aws_iam_policy_document" "cloudlogs_s3_access" {
 }
 dynamic "statement" {
- for_each = var.kms_key_arn != null ? [1] : []
+ for_each = var.kms_key_arn != null && var.kms_key_arn != "" ? [1] : []
 content {
 sid = "CloudlogsKMSDecrypt"
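Review bot: `split(":", var.kms_key_arn)[3]` on the new `kms_account_id` line selects the region rather than the account, because in the standard ARN layout `arn:partition:service:region:account-id:resource` the account is field 4. As written, `need_kms_policy` compares `var.bucket_account_id` with a region string, so it is true for every non-empty key ARN once a bucket account is set and the same-account case is never recognised; what the flag gates is outside this hunk. I would change the index, `... ? split(":", var.kms_key_arn)[4] : null`, and add a `validation` block where the variable is declared so a malformed ARN fails with a clear message instead of an index error. The emptiness test `var.kms_key_arn != null && var.kms_key_arn != ""` is repeated in the `for_each` of the `CloudlogsKMSDecrypt` statement in the second hunk; a single local (for example `has_kms_key`) would keep the two conditions from drifting apart. The `locals` block continues outside the hunk.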