From 06a04fab7c8fe270e3f1894a00ee72df038826b8 Mon Sep 17 00:00:00 2001
From: mrobinson1022 <mrobinson3427@gmail.com>
Date: Thu, 14 Sep 2023 15:34:46 -0400
Subject: [PATCH 1/2] chore: add ternary for access role

---
 main.tf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/main.tf b/main.tf
index d21fd6f..1647ac4 100644
--- a/main.tf
+++ b/main.tf
@@ -232,7 +232,7 @@ resource "aws_dms_endpoint" "this" {
       include_transaction_details    = try(kinesis_settings.value.include_transaction_details, null)
       message_format                 = try(kinesis_settings.value.message_format, null)
       partition_include_schema_table = try(kinesis_settings.value.partition_include_schema_table, null)
-      service_access_role_arn        = lookup(kinesis_settings.value, "service_access_role_arn", aws_iam_role.access[0].arn)
+      service_access_role_arn        = lookup(kinesis_settings.value, "service_access_role_arn", var.create_access_iam_role ? aws_iam_role.access[0].arn : null)
       stream_arn                     = lookup(kinesis_settings.value, "stream_arn", null)
     }
   }
@@ -282,10 +282,10 @@ resource "aws_dms_endpoint" "this" {
     }
   }
 
-  secrets_manager_access_role_arn = lookup(each.value, "secrets_manager_arn", null) != null ? lookup(each.value, "secrets_manager_access_role_arn", aws_iam_role.access[0].arn) : null
+  secrets_manager_access_role_arn = lookup(each.value, "secrets_manager_arn", null) != null ? lookup(each.value, "secrets_manager_access_role_arn", var.create_access_iam_role ? aws_iam_role.access[0].arn : null) : null
   secrets_manager_arn             = lookup(each.value, "secrets_manager_arn", null)
   server_name                     = lookup(each.value, "server_name", null)
-  service_access_role             = lookup(each.value, "service_access_role", aws_iam_role.access[0].arn)
+  service_access_role             = lookup(each.value, "service_access_role", var.create_access_iam_role ? aws_iam_role.access[0].arn : null)
   ssl_mode                        = try(each.value.ssl_mode, null)
   username                        = try(each.value.username, null)
 
@@ -344,7 +344,7 @@ resource "aws_dms_s3_endpoint" "this" {
   rfc_4180                                    = try(each.value.rfc_4180, null)
   row_group_length                            = try(each.value.row_group_length, null)
   server_side_encryption_kms_key_id           = lookup(each.value, "server_side_encryption_kms_key_id", null)
-  service_access_role_arn                     = lookup(each.value, "service_access_role_arn", aws_iam_role.access[0].arn)
+  service_access_role_arn                     = lookup(each.value, "service_access_role_arn", var.create_access_iam_role ? aws_iam_role.access[0].arn : null)
   timestamp_column_name                       = try(each.value.timestamp_column_name, null)
   use_csv_no_sup_value                        = try(each.value.use_csv_no_sup_value, null)
   use_task_start_time_for_full_load_timestamp = try(each.value.use_task_start_time_for_full_load_timestamp, null)

From 6b938b20c9f914bc86c1febc1c1633b2c31b7e59 Mon Sep 17 00:00:00 2001
From: Bryant Biggs <bryantbiggs@gmail.com>
Date: Fri, 27 Oct 2023 12:14:49 -0400
Subject: [PATCH 2/2] fix: Utilize local variable and ensure create
 conditionals are threaded properly

---
 .pre-commit-config.yaml |  4 ++--
 main.tf                 | 10 ++++++----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 2ab13c4..145baf9 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.82.0
+    rev: v1.83.5
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
@@ -23,7 +23,7 @@ repos:
           - '--args=--only=terraform_standard_module_structure'
           - '--args=--only=terraform_workspace_remote'
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.5.0
     hooks:
       - id: check-merge-conflict
       - id: end-of-file-fixer
diff --git a/main.tf b/main.tf
index 1647ac4..cc707e5 100644
--- a/main.tf
+++ b/main.tf
@@ -232,7 +232,7 @@ resource "aws_dms_endpoint" "this" {
       include_transaction_details    = try(kinesis_settings.value.include_transaction_details, null)
       message_format                 = try(kinesis_settings.value.message_format, null)
       partition_include_schema_table = try(kinesis_settings.value.partition_include_schema_table, null)
-      service_access_role_arn        = lookup(kinesis_settings.value, "service_access_role_arn", var.create_access_iam_role ? aws_iam_role.access[0].arn : null)
+      service_access_role_arn        = lookup(kinesis_settings.value, "service_access_role_arn", local.access_iam_role)
       stream_arn                     = lookup(kinesis_settings.value, "stream_arn", null)
     }
   }
@@ -282,10 +282,10 @@ resource "aws_dms_endpoint" "this" {
     }
   }
 
-  secrets_manager_access_role_arn = lookup(each.value, "secrets_manager_arn", null) != null ? lookup(each.value, "secrets_manager_access_role_arn", var.create_access_iam_role ? aws_iam_role.access[0].arn : null) : null
+  secrets_manager_access_role_arn = lookup(each.value, "secrets_manager_arn", null) != null ? lookup(each.value, "secrets_manager_access_role_arn", local.access_iam_role) : null
   secrets_manager_arn             = lookup(each.value, "secrets_manager_arn", null)
   server_name                     = lookup(each.value, "server_name", null)
-  service_access_role             = lookup(each.value, "service_access_role", var.create_access_iam_role ? aws_iam_role.access[0].arn : null)
+  service_access_role             = lookup(each.value, "service_access_role", local.access_iam_role)
   ssl_mode                        = try(each.value.ssl_mode, null)
   username                        = try(each.value.username, null)
 
@@ -344,7 +344,7 @@ resource "aws_dms_s3_endpoint" "this" {
   rfc_4180                                    = try(each.value.rfc_4180, null)
   row_group_length                            = try(each.value.row_group_length, null)
   server_side_encryption_kms_key_id           = lookup(each.value, "server_side_encryption_kms_key_id", null)
-  service_access_role_arn                     = lookup(each.value, "service_access_role_arn", var.create_access_iam_role ? aws_iam_role.access[0].arn : null)
+  service_access_role_arn                     = lookup(each.value, "service_access_role_arn", local.access_iam_role)
   timestamp_column_name                       = try(each.value.timestamp_column_name, null)
   use_csv_no_sup_value                        = try(each.value.use_csv_no_sup_value, null)
   use_task_start_time_for_full_load_timestamp = try(each.value.use_task_start_time_for_full_load_timestamp, null)
@@ -429,6 +429,8 @@ locals {
   access_iam_role_name   = try(coalesce(var.access_iam_role_name, var.repl_instance_id), "")
   create_access_iam_role = var.create && var.create_access_iam_role
   create_access_policy   = local.create_access_iam_role && var.create_access_policy
+
+  access_iam_role = local.create_access_iam_role ? aws_iam_role.access[0].arn : null
 }
 
 data "aws_iam_policy_document" "access_assume" {