user2368632

Reputation: 1073

How to conditionally provision Azure point-to-site VPN in Terraform?

How do you conditionally provision a point-to-site VPN for the current Azure VPN Gateway? I want a P2S VPN for the dev/qa VPN Gateway but not prod. I tried using a count attribute with a boolean variable, but Terraform does not like this (vpn_client_configuration.0: invalid or unknown key: count).

vpn_client_configuration {
  count = "${var.p2s_vpn_enabled}"

  address_space = ["${var.p2s_vpn_address_space}"]

  root_certificate {
    name             = "${var.p2s_vpn_root_cert_name}"
    public_cert_data = "${var.p2s_vpn_root_cert_base64_data}"
  }
}

Terraform 11 for Windows

Upvotes: 0

Views: 430

Answers (1)

Nancy Xiong

Reputation: 28284

The error happened because the count parameter works at the resource level. The vpn_client_configuration is an optional argument in the azurerm_virtual_network_gateway block. You could try to use count at the VPN gateway block level, something like this:

resource "azurerm_virtual_network_gateway" "test" {
  count               = "${var.p2s_vpn_enabled}"
  name                = "test"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"

  type     = "Vpn"
  vpn_type = "RouteBased"
...
}

Additionally, there is a good article about this, Terraform tips & tricks: loops, if-statements, and gotchas:

In Terraform, a boolean true is converted to a 1 and a boolean false is converted to a 0.

If you set count to 1 on a resource, you get one copy of that resource and if you set count to 0, that resource is not created at all.

Hope this could help you.

Upvotes: 1
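
For Terraform 0.12 or later (not the Terraform 11 mentioned in the question), a `dynamic` block can switch the nested `vpn_client_configuration` block on or off per environment while the gateway itself is still created, so prod never gets a P2S client address pool or root certificate. This is an added example, not code from the question or the answer; the `sku` value and the `azurerm_public_ip.test` and `azurerm_subnet.gateway` references are assumptions standing in for resources defined elsewhere in the configuration.

```hcl
# Added example (Terraform >= 0.12 syntax). Variable names follow the question.
variable "p2s_vpn_enabled" {
  type    = bool
  default = false # off unless an environment (dev/qa) opts in
}

variable "p2s_vpn_address_space" {
  type = string
}

variable "p2s_vpn_root_cert_name" {
  type = string
}

variable "p2s_vpn_root_cert_base64_data" {
  type = string
}

resource "azurerm_virtual_network_gateway" "test" {
  name                = "test"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name

  type     = "Vpn"
  vpn_type = "RouteBased"
  sku      = "VpnGw1" # assumed SKU, not from the page

  ip_configuration {
    public_ip_address_id          = azurerm_public_ip.test.id # assumed resource
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.gateway.id # assumed resource
  }

  # Emits one vpn_client_configuration block when enabled, none otherwise.
  dynamic "vpn_client_configuration" {
    for_each = var.p2s_vpn_enabled ? [1] : []

    content {
      address_space = [var.p2s_vpn_address_space]

      root_certificate {
        name             = var.p2s_vpn_root_cert_name
        public_cert_data = var.p2s_vpn_root_cert_base64_data
      }
    }
  }
}
```

Running `terraform plan` with `-var p2s_vpn_enabled=false` should show the gateway without any `vpn_client_configuration` block, which is a quick check that the prod plan carries no P2S settings.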
