I am trying to set up some aws_ssoadmin_managed_policy_attachments (there will end up being a lot), so ideally I just want to be able to update a local variable and then use for_each to go through said variable and churn out a bunch of resources the other side.
I currently have something like the following:
locals {
  roles = {
    admin = {
      //managed_policy_name = toset(["AdministratorAccess", "AWSSupportAccess"])
      managed_policy_name = "AWSSupportAccess"
      perm_set_name = "admin"
    }
    auditor = { ...
    }
  }
There will be a bunch more roles within this. I use the below to transform it to something more usable by the for_each.
managed_policy_map = [for keys, managed_policy_names in local.roles : {
  for managed_policy_name in managed_policy_names :
  format("%s-%s", keys, managed_policy_name) => { "managed_policy_name" : managed_policy_name }
}]
perm_set_to_managed_policy_map = merge(local.managed_policy_map...)
Output from this:
a = [{
  "admin-AWSSupportAccess" = {
    "managed_policy_name" = "AWSSupportAccess"
    "perm_set_name" = "admin"
  }
  "admin-admin" = {
    "managed_policy_name" = "admin"
    "perm_set_name" = "admin"
  }
  "auditor-ReadOnlyAccess" = {
    "managed_policy_name" = "ReadOnlyAccess"
    "perm_set_name" = "auditor"
  }
  "auditor-auditor" = {
    "managed_policy_name" = "auditor"
    "perm_set_name" = "auditor"
  }
  "auditor-auditor-permission-set" = {
    "managed_policy_name" = "auditor-permission-set"
    "perm_set_name" = "auditor"
  }
},]
Now, ideally, I would like to use the commented managed_policy_name, which uses a list (or set to avoid dupes):
//managed_policy_name = toset(["AdministratorAccess", "AWSSupportAccess"])
and cycle through that to end up with something like:
a = [{
  "admin-AdministratorAccess" = {
    "managed_policy_name" = "AdministratorAccess"
    "perm_set_name" = "admin"
  }
  "admin-AWSSupportAccess" = {
    "managed_policy_name" = "AWSSupportAccess"
    "perm_set_name" = "admin"
  }
  "auditor-ReadOnlyAccess" = {
    "managed_policy_name" = "ReadOnlyAccess"
    "perm_set_name" = "auditor"
  } ...
Is this doable? My assumption is that it will be fairly complicated or I'm missing some Terraform function that makes it easy. Any help would be greatly appreciated.
CodePudding user response:
You can simplify your variable structure:
locals {
  roles = {
    admin = toset(["AdministratorAccess", "AWSSupportAccess"])
    auditor = ...
  }
}
and then simplify your for expression:
managed_policy_map = [for role, managed_policy_names in local.roles : {
  for policy in managed_policy_names : "${role}-${policy}" => {
    "managed_policy_name" = policy
    "perm_set_name" = role
  }
}]
to easily achieve the same output structure with the set type instead of the string type:
[
  {
    "admin-AWSSupportAccess" = {
      "managed_policy_name" = "AWSSupportAccess"
      "perm_set_name" = "admin"
    }
    "admin-AdministratorAccess" = {
      "managed_policy_name" = "AdministratorAccess"
      "perm_set_name" = "admin"
    }
  },
]
I would also recommend simplifying the output structure for easier use in the for_each meta-argument according to the intention stated in the question.
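
The flatter structure recommended above, wired into the attachment resource from the question, as an added example that is not part of the original question or answer. It assumes a single IAM Identity Center instance, permission sets named after the role keys, and AWS managed policies that have no path; the `this` resource labels and the `sso_instance_arn` local are illustrative names.

```hcl
# Added example. Role and policy names are the ones used on this page;
# the auditor entry is taken from the output shown in the question.
locals {
  roles = {
    admin   = toset(["AdministratorAccess", "AWSSupportAccess"])
    auditor = toset(["ReadOnlyAccess"])
  }

  # One flat map keyed "<role>-<policy>": merge() with the ... expansion
  # collapses the list of per-role maps into a single map for for_each.
  perm_set_to_managed_policy_map = merge([
    for role, policies in local.roles : {
      for policy in policies : "${role}-${policy}" => {
        perm_set_name       = role
        managed_policy_name = policy
      }
    }
  ]...)
}

data "aws_ssoadmin_instances" "this" {}

locals {
  # Assumption: the account has exactly one Identity Center instance.
  sso_instance_arn = tolist(data.aws_ssoadmin_instances.this.arns)[0]
}

# One permission set per role key (assumed to be managed in the same module).
resource "aws_ssoadmin_permission_set" "this" {
  for_each     = local.roles
  name         = each.key
  instance_arn = local.sso_instance_arn
}

# One attachment per role/policy pair.
resource "aws_ssoadmin_managed_policy_attachment" "this" {
  for_each = local.perm_set_to_managed_policy_map

  instance_arn       = local.sso_instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.this[each.value.perm_set_name].arn
  # Assumes the standard "aws" partition and a policy with no path; policies
  # under a path such as job-function/ need that path in the ARN.
  managed_policy_arn = "arn:aws:iam::aws:policy/${each.value.managed_policy_name}"
}
```

Because every role/policy pair has its own resource address, adding or removing a policy name in a set appears in `terraform plan` as exactly one attachment created or destroyed, which keeps changes to broad policies such as AdministratorAccess easy to review.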