nozaq / terraform-aws-secure-baseline

Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
MIT License

Disabling VPC flow log fails the plan when target_regions is set #156

Closed tovbinm closed 3 years ago

tovbinm commented 3 years ago

When target_regions = ["us-east-1", "us-west-2"] is set together with vpc_enable_flow_logs = false, TF apply fails for all other regions:

Error: Invalid index

  on .terraform/modules/secure-baseline/vpc_baselines.tf line 134, in module "vpc_baseline_ap-southeast-1":
 134:   flow_logs_iam_role_arn      = local.is_cw_logs ? aws_iam_role.flow_logs_publisher[0].arn : null
    |----------------
    | aws_iam_role.flow_logs_publisher is empty tuple

The given key does not identify an element in this collection value.

Is this a setting I am missing, or is it a bug?

nozaq commented 3 years ago

@tovbinm Thanks for reporting the issue! It seems to be a bug; working on it in #157.

nozaq commented 3 years ago

Fixed in v0.23.1 🎉

tovbinm commented 3 years ago

Thank you!!