From 506e3ac4b22cfd9d28228002640726efb198c1d5 Mon Sep 17 00:00:00 2001
From: Jan Jagusch <jan.jagusch@gmail.com>
Date: Mon, 17 Nov 2025 16:23:19 +0100
Subject: [PATCH] Fix null partition error when create = false.

---
 aws_cloudwatch_observability.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/aws_cloudwatch_observability.tf b/aws_cloudwatch_observability.tf
index 46ef267..7d378bf 100644
--- a/aws_cloudwatch_observability.tf
+++ b/aws_cloudwatch_observability.tf
@@ -3,10 +3,10 @@
 ################################################################################
 
 resource "aws_iam_role_policy_attachment" "aws_cloudwatch_observability" {
-  for_each = { for k, v in {
+  for_each = var.create && var.attach_aws_cloudwatch_observability_policy ? {
     CloudWatchAgentServerPolicy = "arn:${local.partition}:iam::aws:policy/CloudWatchAgentServerPolicy"
     AWSXrayWriteOnlyAccess      = "arn:${local.partition}:iam::aws:policy/AWSXrayWriteOnlyAccess"
-  } : k => v if var.create && var.attach_aws_cloudwatch_observability_policy }
+  } : {}
 
   role       = aws_iam_role.this[0].name
   policy_arn = each.value