From 4c0708e2e3e5d3ead16775c7eaa5e7d800414243 Mon Sep 17 00:00:00 2001
From: Dax Raad
Date: Sun, 1 Sep 2024 23:06:43 -0400
Subject: [PATCH] sst.aws.Postgres: do not assign empty permission if secrets manager secret is disabled
---
 platform/src/components/aws/postgres.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/platform/src/components/aws/postgres.ts b/platform/src/components/aws/postgres.ts
index 5a3c5aaee..d7c6e02d6 100644
--- a/platform/src/components/aws/postgres.ts
+++ b/platform/src/components/aws/postgres.ts
@@ -429,7 +429,11 @@ export class Postgres extends Component implements Link.Linkable {
 include: [
 permission({
 actions: ["secretsmanager:GetSecretValue"],
- resources: [this.cluster.masterUserSecrets[0].secretArn],
+ resources: [
+ this.cluster.masterUserSecrets[0].secretArn.apply(
+ (v) => v ?? "arn:aws:iam::rdsdoesnotusesecretmanager",
+ ),
+ ],
 }),
 permission({
 actions: [
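Review bot: The fallback in the new `resources` entry still emits a `secretsmanager:GetSecretValue` statement, now with the sentinel `"arn:aws:iam::rdsdoesnotusesecretmanager"` as its resource. That string has fewer colon-separated fields than a standard ARN and names the `iam` service rather than `secretsmanager`. It is worth confirming that IAM accepts it wherever these link permissions are rendered into a policy, since a rejected document would presumably fail the deploy for anything linked to the database. If the `include` array can be built conditionally, omitting the statement when no managed secret exists would match the commit subject more closely than a placeholder; the enclosing method starts and ends outside this hunk, so that is not visible here. At minimum I would add a comment above the `.apply(` call, e.g. `// No managed master secret: use a non-matching placeholder so this statement grants nothing; never fall back to "*"`.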