1. 技术文章
  2. terraform conditional resource

terraform conditional resource

邮差的信 提交于 2020-01-14 07:40:13

问题


I have the following and I want to know what I am doing wrong, as I am sure I shouldn't have to double my code just because of a condition.

So I want to do:

variable "https" { value = true }

resource "aws_security_group" "http_instance_sg" {
  count       = "${var.https ? 0 : 1}"

  ......

}
resource "aws_security_group" "https_instance_sg" {
  count       = "${var.https ? 1 : 0}"

  ......

}

resource "aws_elb" "fe_elb" {
  security_groups = ["${var.https ? aws_aws_security_group.https_instance_sg.id : aws_aws_security_group.http_instance_sg.id}"]
   .....
}

But when I do this terraform complains that http_instance_sg cant be found, which I get it hasn't be built, but surely I dont have to double up on all the code and have:

 resource "aws_elb" "http_fe_elb" {
    count = "${var.https ? 0 : 1}"
    security_groups = ["${aws_aws_security_group.http_instance_sg.id}"]
   .....
  }

 resource "aws_elb" "https_fe_elb" {
    count = "${var.https ? 1 : 0}"
    security_groups = ["${aws_aws_security_group.https_instance_sg.id}"]
   .....
  }

回答1:


The way you are currently defining the code with a count means that the response of the resource is a list. This means you will need to access the values differently

resource "aws_elb" "fe_elb" {
  security_groups = ["${var.https ? element(aws_security_group.https_instance_sg.*.id,0) : element(aws_security_group.http_instance_sg.*.id,0)}"]
   .....
}

It's worth noting that you will get an error if you try to access a list that is empty using this method.

This means you will need to concat an empty value to each to ensure the response of element doesn't throw.

Example using concat

"${var.https ? element(concat(aws_security_group.https_instance_sg.*.id, list("")), 0) : element(concat(aws_security_group.http_instance_sg.*.id, list("")), 0)

Different approach

Without seeing the code I might ask here if there is an easier way to achieve what you are trying to do using a security_group_rule

variable "https" { value = true }

resource "aws_security_group" "instance_sg" {
  # notice we no longer have a count here
}

resource "aws_elb" "fe_elb" {
  security_groups = ["${aws_security_group.instance_sg.id}"]
   .....
}

resource "aws_security_group_rule" "http" {
  count       = "${var.https ? 0 : 1}"
  .... http definitions
  security_group_id = "${aws_security_group.instance_sg.id}"
}

resource "aws_security_group_rule" "https" {
  count       = "${var.https ? 0 : 1}"
  .... https definitions
  security_group_id = "${aws_security_group.instance_sg.id}"
}



回答2:


you must use :

resource "aws_security_group" "http_instance_sg"

instead of: 

resource "aws_aws_security_group" "http_instance_sg"

there is no resource with name "aws_aws_security_group" in Terraform , the error is most probably because of this resource name typo.

Hope it will help!




回答3:


Do you try to add depends_on instruction ? Something like this (I'm not sure about the syntax) :

resource "aws_elb" "fe_elb" { depends_on = [ aws_aws_security_group.https_instance_sg, aws_aws_security_group.http_instance_sg ] security_groups = ["${var.https ? aws_aws_security_group.https_instance_sg.id : aws_aws_security_group.http_instance_sg.id}"] ..... }



来源:https://stackoverflow.com/questions/45654774/terraform-conditional-resource

标签
terraform
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!