
Below is the custom variable that will be used for specific AWS resource creation.

INPUT Variable:

VAR = {
        "commonPolicy" = [
            "DenyRootUser",
            "denyIamAccessKeyCreation"
        ]
        "extraPolicy" = [
            "denyGlobalService",
            "denyBillingModify"
        ]
}

The interpolation/modification method I am using to modify the value in Terraform console is below.

Method:

> { for i,j in var.VAR  : "${i}" =>  [ for k in j : "file('policies/${k}.json')}" ] }

Through this method I am able to get this value when I parse the value from a specific key:

Like this:

> { for i,j in var.VAR  : "${i}" =>  [ for k in j : "file('policies/${k}.json')}" ] }["commonPolicy"]

OUTPUT:

[
  "file('policies/DenyRootUser.json')}",
  "file('policies/denyIamAccessKeyCreation.json')}",
]

But the following is the value I want from the interpolation method.

Expected Output:

[
  file("policies/DenyRootUser.json")},
  file("policies/denyIamAccessKeyCreation.json")},
]

NOTE:

  • The difference between the output and the expected output is that I want a list of values without double quotes.
  • Under the file function, the location/path should be in double quotes.


Answers


  1. Chosen as BEST ANSWER

    [SOLVED] I resolved this issue by using the method below.

    Directory Structure:

    .
    ├── main.tf
    └── policies
        ├── denyIamAccessKeyCreation.json
        └── denyRootUser.json
    

    Method:

    main.tf

    locals {
      # The policy groups and the policy file names each group pulls in.
      VAR = {
        "commonPolicy" = [
          "DenyRootUser",
          "denyIamAccessKeyCreation"
        ]
        "extraPolicy" = [
          "denyGlobalService",
          "denyBillingModify"
        ]
      }

      # Map each group name to the list of policy file contents it references.
      local_policy_list = { for i, j in local.VAR : i => [for k in j : file("policies/${k}.json")] }
    }

    data "aws_iam_policy_document" "b" {
      for_each                = local.local_policy_list
      source_policy_documents = each.value
    }
    
    

    The local_policy_list local above collects the file contents and creates a list under each key of the map.

    Terraform console:

    > data.aws_iam_policy_document.b["commonPolicy"].json
    > data.aws_iam_policy_document.b["extraPolicy"].json
    

    I am now getting the expected output, and the result matches the source_policy_documents requirement of the aws_iam_policy_document data source.

    Example:

    <<EOT
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "DenyRootUser",
          "Effect": "Deny",
          "Action": "*",
          "Resource": "*",
          "Condition": {
            "StringLike": {
              "aws:PrincipalArn": [
                "arn:aws:iam::*:root"
              ]
            }
          }
        }
      ]
    }
    EOT
    

  2. You can use it as below, which will yield the result that follows:

    locals {
      # Policy file names to load; file() reads each one relative to the module directory.
      a    = ["a.json", "b.json"]
      test = [for i in local.a : file(i)]
    }

    data "aws_iam_policy_document" "b" {
      source_policy_documents = local.test
    }

    terraform console

    > data.aws_iam_policy_document.b.json
    <<EOT
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Action": "ec2:*",
          "Resource": "*"
        },
        {
          "Sid": "UniqueSidOne",
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": "*"
        },
        {
          "Sid": "UniqueSidTwo",
          "Effect": "Allow",
          "Action": "iam:*",
          "Resource": "*"
        },
        {
          "Sid": "",
          "Effect": "Allow",
          "Action": "lambda:*",
          "Resource": "*"
        },
        {
          "Sid": "",
          "Effect": "Allow",
          "Action": "ec3:*",
          "Resource": "*"
        },
        {
          "Sid": "uu",
          "Effect": "Allow",
          "Action": "s4:*",
          "Resource": "*"
        },
        {
          "Sid": "rr",
          "Effect": "Allow",
          "Action": "iamm:*",
          "Resource": "*"
        },
        {
          "Sid": "",
          "Effect": "Allow",
          "Action": "scp:*",
          "Resource": "*"
        }
      ]
    }
    EOT
    

    Is this the expected output?
