Merge pull request #33 from ministryofjustice/cross-account

This is to fix the error when no prinicpal
ministryofjustice · Jun 28, 2022 · 39a3f35 · 39a3f35
2 parents 92b2e51 + c191ae3
commit 39a3f35
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/main.tf b/main.tf
@@ -81,7 +81,7 @@ resource "aws_kms_key" "kms" {
         Sid    = "Allow cross-account use of the key"
         Effect = "Allow"
         Principal = {
-          AWS = var.kms_external_access
+          AWS = length(var.kms_external_access) >=1 ? var.kms_external_access : ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
         },
         Action = [
           "kms:GenerateDataKey*",