Skip to content

fix: Fix malware protection plan role ARN reference#10

Open
HubertPiotrowski wants to merge 1 commit into
aws-ia:mainfrom
HubertPiotrowski:fix-malware-protection-plan-role-arn
Open

fix: Fix malware protection plan role ARN reference#10
HubertPiotrowski wants to merge 1 commit into
aws-ia:mainfrom
HubertPiotrowski:fix-malware-protection-plan-role-arn

Conversation

@HubertPiotrowski

@HubertPiotrowski HubertPiotrowski commented Nov 25, 2025

Copy link
Copy Markdown

Description

Fixes the aws_guardduty_malware_protection_plan resource role assignment which was passing the entire resource object instead of the ARN string.

Changes

  1. main.tf:135 - Added [0].arn to properly extract ARN from count-based IAM resources
  2. data.tf:6 - Fixed inverted count logic: data source should exist when NOT creating the role (i.e., looking up existing service-linked role)

Error Before Fix

Error: Inconsistent conditional result types

on main.tf line 135:
  role = var.create_malware_protection_role ? aws_iam_service_linked_role.malware_protection : data.aws_iam_role.malware_protection

The true and false result expressions must have consistent types.

Testing

  • Terraform validate passes
  • The role argument expects an ARN string, not a resource object

@HubertPiotrowski
fix: Fix malware protection plan role ARN reference
963450f 
- Add [0] index to access resources created with count
- Add .arn to extract ARN string from IAM role resources
- Fix data source count logic: look up existing role only when not creating a new one
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@HubertPiotrowski