diff --git a/iam-policy-documents.tf b/iam-policy-documents.tf
index 388c6bc..7b7aa5e 100644
--- a/iam-policy-documents.tf
+++ b/iam-policy-documents.tf
@@ -8,7 +8,7 @@ data "aws_iam_policy_document" "backend_assume_role_all" {
 
     principals {
       type        = "AWS"
-      identifiers = length(var.all_workspaces_details) > 0 ? var.all_workspaces_details : [data.aws_caller_identity.current.account_id]
+      identifiers = length(var.all_workspaces_details) > 0 ? var.all_workspaces_details : tolist([data.aws_caller_identity.current.account_id])
     }
   }
 }
@@ -38,7 +38,7 @@ data "aws_iam_policy_document" "backend_assume_role_restricted" {
 
     principals {
       type        = "AWS"
-      identifiers = length(each.value) > 0 ? each.value : [data.aws_caller_identity.current.account_id]
+      identifiers = length(each.value) > 0 ? each.value : tolist([data.aws_caller_identity.current.account_id])
     }
   }
 }
diff --git a/outputs.tf b/outputs.tf
index 899d9e4..49f8655 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -9,3 +9,7 @@ output "dynamo_lock_table" {
 output "iam_roles" {
   value = concat(aws_iam_role.backend_all[*].arn, values(aws_iam_role.backend_restricted)[*].arn)
 }
+
+output "kms_key_id"{
+    value = var.enable_customer_kms_key ? aws_kms_key.backend[0].id: null
+}
\ No newline at end of file