user60679

Reputation: 729

terraform get list variable to resource

variable "iam_action" {
  type    = "list"
  default = ["ec2.amazonaws.com","ecs.amazonaws.com"]
}

resource "aws_iam_role" "s3_role" {
  name               = "abcd"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": [ "${var.iam_action}"
        ]
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

Error:

At column 1, line 1: output of an HIL expression must be a string, or a single list (argument 2 is TypeList) in:

I tried the join function, but I need the output to be a list ["a","b","c"]; the join function gives output like ["a,b,c"].

Upvotes: 5

Views: 5684

Answers (1)

BMW

Reputation: 45223

I fixed it with jsonencode via template_file.

First, create the JSON file below:

$ cat s3_policy.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": ${iam_action}
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}

Update the tf file

variable "iam_action" {
  type    = "list"
  default = ["ec2.amazonaws.com", "ecs.amazonaws.com"]
}

data "template_file" "s3_role" {
  template = "${file("${path.module}/s3_policy.json")}"

  vars {
    iam_action = "${jsonencode(var.iam_action)}"
  }
}

resource "aws_iam_role" "s3_role" {
  name = "abcd"

  assume_role_policy = "${data.template_file.s3_role.rendered}"
}

Run template plan:

  + aws_iam_role.s3_role
      arn:                   "<computed>"
      assume_role_policy:    "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Action\": \"sts:AssumeRole\",\n      \"Principal\": {\n        \"Service\": [\"ec2.amazonaws.com\",\"ecs.amazonaws.com\"]\n      },\n      \"Effect\": \"Allow\",\n      \"Sid\": \"\"\n    }\n  ]\n}\n"
      create_date:           "<computed>"
      force_detach_policies: "false"
      name:                  "abcd"
      path:                  "/"
      unique_id:             "<computed>"

refer:

terraform interpolation

jsonencode(item) - Returns a JSON-encoded representation of the given item, which may be a string, list of strings, or map from string to string. Note that if the item is a string, the return value includes the double quotes.

The reason I can't directly use vars with "${var.iam_action}" in template_file is explained here:

vars - (Optional) Variables for interpolation within the template. Note that variables must all be primitives. Direct references to lists or maps will cause a validation error.

Upvotes: 5
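
An added example, not part of the answer above and not the poster's code: assuming Terraform 0.14 or later (the answer targets the older HIL syntax), the same trust policy can be built without string templating through the aws_iam_policy_document data source, so the list is serialized as a JSON array and no variable text is spliced into raw policy JSON. The data source name s3_role_trust and the validation rule limiting entries to amazonaws.com service principals are illustrative assumptions.

```hcl
variable "iam_action" {
  type    = list(string)
  default = ["ec2.amazonaws.com", "ecs.amazonaws.com"]

  # Illustrative guard (an assumption, not in the original post): reject
  # anything that is not an AWS service principal before it can reach the
  # role's trust policy. Adjust the pattern for partitions such as China.
  validation {
    condition = alltrue([
      for s in var.iam_action : can(regex("^[a-z0-9.-]+\\.amazonaws\\.com$", s))
    ])
    error_message = "Each entry must be an AWS service principal such as ec2.amazonaws.com."
  }
}

# The provider renders the JSON document, so the list becomes
# "Service": ["ec2.amazonaws.com", "ecs.amazonaws.com"] without join or
# jsonencode inside a template file.
data "aws_iam_policy_document" "s3_role_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = var.iam_action
    }
  }
}

resource "aws_iam_role" "s3_role" {
  name               = "abcd"
  assume_role_policy = data.aws_iam_policy_document.s3_role_trust.json
}
```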
