fix: do not add the cache access policy if there is none (#540)

kayman-mk · web-flow · commit f69c8bbe5832 · 2022-10-09T19:30:25.000+02:00
* do not add a policy if we have none

* consider manual ARN
diff --git a/main.tf b/main.tf
@@ -390,6 +390,8 @@ resource "aws_iam_role_policy_attachment" "user_defined_policies" {
 ### Policy for the docker machine instance to access cache
 ################################################################################
 resource "aws_iam_role_policy_attachment" "docker_machine_cache_instance" {
+  count = var.cache_bucket["create"] || length(lookup(var.cache_bucket, "policy", "")) > 0 ? 1 : 0
+
   role       = aws_iam_role.instance.name
   policy_arn = local.bucket_policy
 }

Original file line number	Diff line number	Diff line change
`@@ -390,6 +390,8 @@ resource "aws_iam_role_policy_attachment" "user_defined_policies" {`
`390`	`390`	`### Policy for the docker machine instance to access cache`
`391`	`391`	`################################################################################`
`392`	`392`	`resource "aws_iam_role_policy_attachment" "docker_machine_cache_instance" {`
	`393`	`+ count = var.cache_bucket["create"] \|\| length(lookup(var.cache_bucket, "policy", "")) > 0 ? 1 : 0`
	`394`	`+`
`393`	`395`	`role = aws_iam_role.instance.name`
`394`	`396`	`policy_arn = local.bucket_policy`
`395`	`397`	`}`