diff --git a/iam_aws_vpc_cni.tf b/iam_aws_vpc_cni.tf
index 1f3facd..90e2d9f 100644
--- a/iam_aws_vpc_cni.tf
+++ b/iam_aws_vpc_cni.tf
@@ -1,5 +1,5 @@
 locals {
-  handle_aws_vpc_cni = var.handle_iam_resources && (var.handle_iam_aws_vpc_cni || length(var.vpc_cni_addon) > 0)
+  handle_aws_vpc_cni = var.handle_iam_resources && var.handle_iam_aws_vpc_cni
 }
 
 resource "aws_iam_role" "aws_vpc_cni" {
diff --git a/main.tf b/main.tf
index 2994d7a..8b50917 100644
--- a/main.tf
+++ b/main.tf
@@ -30,7 +30,7 @@ locals {
         }
       }
     }
-  } : {}
+  } : null
   # The Quortex cluster OIDC issuer.
   cluster_oidc_issuer = trimprefix(aws_eks_cluster.quortex.identity[0].oidc[0].issuer, "https://")
   node_group_labels = [
@@ -204,7 +204,7 @@ locals {
 }
 
 resource "aws_eks_addon" "vpc_cni_addon" {
-  count = local.handle_aws_vpc_cni ? 1 : 0
+  count = length(var.vpc_cni_addon) > 0 ? 1 : 0
 
   cluster_name                = aws_eks_cluster.quortex.name
   addon_name                  = "vpc-cni"