diff --git a/CHANGELOG.md b/CHANGELOG.md
index d511684..ca4c3bf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,8 +2,14 @@
 All notable changes to this project will be documented in this file.
 
+## 1.0.1 - 2025-04-12
+
+### Added
+
+- Added default value `[]` to input variable `assume_role_account_names`.
+
 ## 1.0.0 - 2025-04-11
 
 ### Added
 
-- initial import
+- Initial import.
 
diff --git a/main.tf b/main.tf
index f46bfb4..0c0989a 100644
--- a/main.tf
+++ b/main.tf
@@ -1,9 +1,10 @@
 data "aws_organizations_organization" "main" {}
 
 locals {
- aws_account_ids = { for info in data.aws_organizations_organization.main.accounts :
+ aws_account_ids = length(var.assume_role_account_names) > 0 ? {
+ for info in data.aws_organizations_organization.main.accounts :
 info.name => info.id
- }
+ } : {}
 }
 
 resource "aws_iam_user" "main" {
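Review bot: The `length(var.assume_role_account_names) > 0` guard introduced on the `aws_account_ids` line is repeated verbatim in this file's `Statement = concat(` hunk, so the two sites can silently diverge if only one of them is edited later. A single local such as `assume_roles_enabled = length(var.assume_role_account_names) > 0`, referenced from both places, keeps them in step and names the intent. The `aws_organizations_organization` data source on the first context line has no `count`, so it is still read when the list is empty; the ternary only avoids building a map nothing would index, and a one-line comment saying so (`# Empty when no roles are assumed; the organization lookup itself is unconditional.`) would stop a reader from assuming the API call is skipped.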
@@ -14,43 +15,47 @@ resource "aws_iam_user" "main" {
 resource "aws_iam_user_policy" "main" {
 name = var.name
 policy = jsonencode({
- Statement = concat([
- { # Assume roles in AWS sub-accounts
- Action = "sts:AssumeRole"
- Effect = "Allow"
- Resource = [for name in var.assume_role_account_names :
- format(
- "arn:aws:iam::%s:role/%s",
- local.aws_account_ids[name],
- var.name,
- )
- ]
- },
- {
- Action = [
- # Manage the user's own IAM access key
- "iam:CreateAccessKey",
- "iam:DeleteAccessKey",
- "iam:UpdateAccessKey",
- # Read only access to the user's IAM object
- "iam:Get*",
- "iam:List*",
- ]
- Effect = "Allow"
- Resource = aws_iam_user.main.arn
- },
- {
- Action = [
- # Necessary for removing an IAM user
- "iam:ListVirtualMFADevices",
- # Describe and list the organization accounts
- "organizations:DescribeOrganization",
- "organizations:List*",
- ]
- Effect = "Allow"
- Resource = "*"
- },
- ])
+ Statement = concat(
+ length(var.assume_role_account_names) > 0 ? [
+ { # Assume roles in AWS sub-accounts
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Resource = [for name in var.assume_role_account_names :
+ format(
+ "arn:aws:iam::%s:role/%s",
+ local.aws_account_ids[name],
+ var.name,
+ )
+ ]
+ }
+ ] : [],
+ [
+ {
+ Action = [
+ # Manage the user's own IAM access key
+ "iam:CreateAccessKey",
+ "iam:DeleteAccessKey",
+ "iam:UpdateAccessKey",
+ # Read only access to the user's IAM object
+ "iam:Get*",
+ "iam:List*",
+ ]
+ Effect = "Allow"
+ Resource = aws_iam_user.main.arn
+ },
+ {
+ Action = [
+ # Necessary for removing an IAM user
+ "iam:ListVirtualMFADevices",
+ # Describe and list the organization accounts
+ "organizations:DescribeOrganization",
+ "organizations:List*",
+ ]
+ Effect = "Allow"
+ Resource = "*"
+ },
+ ]
+ )
 Version = "2012-10-17"
 })
 user = aws_iam_user.main.name
diff --git a/variables.tf b/variables.tf
index aed2f86..3c00266 100644
--- a/variables.tf
+++ b/variables.tf
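Review bot: `local.aws_account_ids[name]` inside the new `Resource` for-expression still aborts the plan with a generic invalid-index error when an entry of `assume_role_account_names` matches no account name in the organization, and the empty-list guard added here does not cover that case. A `lifecycle` `precondition` on this resource (Terraform 1.2 or later) turns it into a clear message naming the variable; the resource block's closing brace lies outside the hunk, so the block below goes just before it. As far as the diff shows, the local is only indexed from this statement, so one precondition here is enough.

```hcl
resource "aws_iam_user_policy" "main" {
  # … unchanged: name, policy, user …

  lifecycle {
    precondition {
      condition     = alltrue([for n in var.assume_role_account_names : contains(keys(local.aws_account_ids), n)])
      error_message = "Every entry in assume_role_account_names must be the name of an account in the AWS Organization."
    }
  }
```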
@@ -1,4 +1,5 @@
 variable "assume_role_account_names" {
+ default = []
 description = "The names of the AWS sub-accounts this IAM user can assume roles in."
 nullable = false
 type = list(string)
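Review bot: The `description` on the line after the new `default = []` does not say what the default means for the generated policy: with an empty list, main.tf now omits the `sts:AssumeRole` statement entirely, which is the behaviour a module consumer is most likely to miss. Suggested wording: `description = "The names of the AWS sub-accounts this IAM user can assume roles in. An empty list (the default) grants no sts:AssumeRole permission."` The variable block's closing brace is outside the hunk.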