Reputation: 2368
I have a dynamic statement in which i want to optionally create an iam policy statement.
dynamic "statement" {
for_each = var.deploy == "true" && contains(keys(var.env_vars), "enable") ? [var.env_vars.enable] : []
content {
actions = [
"lambda:InvokeFunction",
"lambda:InvokeAsync"
]
resources = ["arn:aws:lambda:${var.region}:${data.aws_caller_identity.current.account_id}:function:${statement.value}"]
effect = "Allow"
}
}
however if someone sets the "enable" to "" string the iam policy statement is created. which is not what i want.
My immediate thought is to add a condition that ensures the env var "enable" is not an empty string.
dynamic "statement" {
for_each = (var.deploy == "true" &&
contains(keys(var.env_vars), "enable") &&
var.env_vars.enable != "" ? <<--HERE
[var.env_vars.enable] :
[])
content {
actions = [
"lambda:InvokeFunction",
"lambda:InvokeAsync"
]
resources = ["arn:aws:lambda:${var.region}:${data.aws_caller_identity.current.account_id}:function:${statement.value}"]
effect = "Allow"
}
}
however terraform apply returns an error, because other invocations of this module does not have "var.env_vars.enable" variable.
Error: Missing map element
on ../modules/apollo-beanstalk/main.tf line 222, in data "aws_iam_policy_document" "web":
222: var.env_vars.enable != "" ?
|----------------
| var.env_vars is map of string with 14 elements
This map does not have an element with the key
"enable".
How can I remove any items from the var.env_vars map that have "" as their value?
Upvotes: 2
Views: 4247
Reputation: 239000
Here is an answer addressing the issue with var.env_vars.enable != ""
, if you still are interested in it.
Basically instead of
var.env_vars.enable != ""
you can do the following with lookup:
lookup(var.env_vars, "enable", "") != ""
Upvotes: 1
Reputation: 2368
Okay I got it. This removed any items from env_vars
that have "" string as their value. Fixing my problem.
locals {
env_vars = { for k, v in var.env_vars : k => v if v != ""}
}
Upvotes: 0