If you attempt to use the Policies module with Tenancy Level Policies and no oci_services attributes are set to true then a terraform error is encountered.

[jonofrey]

If you attempt to use the Policies module with Tenancy Level Policies and no oci_services attributes are set to true then a terraform error is encountered.

Terraform error:

You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.
╷
│ Error: Not enough list items
│
│ with module.iam.oci_identity_policy.these["SERVICES-POLICY"],
│ on ../../../terraform-oci-cis-landing-zone-iam/policies/main.tf line 27, in resource "oci_identity_policy" "these":
│ 27: statements = each.value.statements
│
│ Attribute requires 1 item minimum, but config has only 0 declared.

File and code for the error: https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam/blob/main/policies/main.tf#L27

File where the local.services_policy is set: https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam/blob/main/policies/services_policy.tf

Line where the services_policy statement is set to an empty list is no services are enabled: https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam/blob/main/policies/services_policy.tf

The policies_configuration variable indicates that the oci_services are optional: https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam/blob/main/policies/variables.tf#L27C1-L37C12

Please let me know if you would like to have a call to review what I found. I was able to get the terraform to run without error once I added an oci_services and set a service to true.

            oci_services : {
                "enable_cloud_guard_policies" = true
            }