Toggle all account-based terraform role and profile outputs

modules/account-map/modules/iam-roles/outputs.tf

@@ -50,22 +50,22 @@ output "current_account_account_name" {
 }
 
 output "dns_terraform_role_arn" {
-  value       = module.account_map.outputs.terraform_roles[module.account_map.outputs.dns_account_account_name]
+  value       = local.profiles_enabled ? null : module.account_map.outputs.terraform_roles[module.account_map.outputs.dns_account_account_name]
   description = "The AWS Role ARN for Terraform to use to provision DNS Zone delegations, when Role ARNs are in use"
 }
 
 output "dns_terraform_profile_name" {
-  value       = module.account_map.outputs.terraform_profiles[module.account_map.outputs.dns_account_account_name]
+  value       = local.profiles_enabled ? module.account_map.outputs.terraform_profiles[module.account_map.outputs.dns_account_account_name] : null
   description = "The AWS config profile name for Terraform to use to provision DNS Zone delegations, when profiles are in use"
 }
 
 output "audit_terraform_role_arn" {
-  value       = module.account_map.outputs.terraform_roles[module.account_map.outputs.audit_account_account_name]
+  value       = local.profiles_enabled ? null : module.account_map.outputs.terraform_roles[module.account_map.outputs.audit_account_account_name]
   description = "The AWS Role ARN for Terraform to use to provision resources in the \"audit\" role account, when Role ARNs are in use"
 }
 
 output "audit_terraform_profile_name" {
-  value       = module.account_map.outputs.terraform_profiles[module.account_map.outputs.audit_account_account_name]
+  value       = local.profiles_enabled ? module.account_map.outputs.terraform_profiles[module.account_map.outputs.audit_account_account_name] : null
   description = "The AWS config profile name for Terraform to use to provision resources in the \"audit\" role account, when profiles are in use"
 }
 
@@ -75,7 +75,7 @@ output "identity_account_account_name" {
 }
 
 output "identity_terraform_role_arn" {
-  value       = module.account_map.outputs.terraform_roles[module.account_map.outputs.identity_account_account_name]
+  value       = local.profiles_enabled ? null : module.account_map.outputs.terraform_roles[module.account_map.outputs.identity_account_account_name]
   description = "The AWS Role ARN for Terraform to use to provision resources in the \"identity\" role account, when Role ARNs are in use"
 }
 
@@ -85,12 +85,12 @@ output "identity_terraform_profile_name" {
 }
 
 output "identity_cicd_role_arn" {
-  value       = module.account_map.outputs.cicd_roles[module.account_map.outputs.identity_account_account_name]
+  value       = local.profiles_enabled ? null : module.account_map.outputs.cicd_roles[module.account_map.outputs.identity_account_account_name]
   description = "(Deprecated) The AWS Role ARN for CI/CD tools to assume to gain access to other accounts, when Role ARNs are in use"
 }
 
 output "identity_cicd_profile_name" {
-  value       = module.account_map.outputs.cicd_profiles[module.account_map.outputs.identity_account_account_name]
+  value       = local.profiles_enabled ? module.account_map.outputs.cicd_profiles[module.account_map.outputs.identity_account_account_name] : null
   description = "(Deprecated) The AWS config profile name for CI/CD tools to assume to gain access to other accounts, when profiles are in use"
 }
 

modules/dns-delegated/providers.tf

@@ -20,7 +20,7 @@ provider "aws" {
   profile = module.iam_roles.profiles_enabled ? coalesce(var.import_profile_name, module.iam_roles.terraform_profile_name) : null
 
   dynamic "assume_role" {
-    for_each = var.import_role_arn == null ? (module.iam_roles.terraform_role_arn != null ? [true] : []) : ["import"]
+    for_each = module.iam_roles.profiles_enabled ? [] : ["role"]
     content {
       role_arn = coalesce(var.import_role_arn, module.iam_roles.terraform_role_arn)
     }