sst.aws.Postgres: do not assign empty permission if secrets manager s…

…ecret is disabled
sst · Sep 2, 2024 · 4c0708e · 4c0708e
1 parent 71c7774
commit 4c0708e
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/platform/src/components/aws/postgres.ts b/platform/src/components/aws/postgres.ts
@@ -429,7 +429,11 @@ export class Postgres extends Component implements Link.Linkable {
       include: [
         permission({
           actions: ["secretsmanager:GetSecretValue"],
-          resources: [this.cluster.masterUserSecrets[0].secretArn],
+          resources: [
+            this.cluster.masterUserSecrets[0].secretArn.apply(
+              (v) => v ?? "arn:aws:iam::rdsdoesnotusesecretmanager",
+            ),
+          ],
         }),
         permission({
           actions: [