Adding multiple "managedRuleGroupName" in the aws_fms_policy resource

vsharmasrv · August 25, 2021, 11:17am

Below code basically creates 4 Policies with 4 different types of “managedRuleGroupName”:
resource “aws_fms_policy” “abc” {
provider = aws.mu
name = var.policy_name
for_each = toset(var.pre_process_managed_rule_group_names)
//Policy rules
security_service_policy_data {
type = var.policy_type
for_each = toset(var.pre_process_managed_rule_group_names)
managed_service_data = jsonencode({
type = var.policy_type
//First Rule Groups (can be defined via preProcessRuleGroups here)

  preProcessRuleGroups = [
    {
      //Available options for overrideAction are NONE|COUNT
      overrideAction = { type = "COUNT" }
      managedRuleGroupIdentifier = {
        vendorName = "AWS"
        //managedRuleGroupName = "AWSManagedRulesCommonRuleSet"
        managedRuleGroupName = each.key
      }
      ruleGroupType = "ManagedRuleGroup"
      excludeRules = []
    }

##########
I wanted to create a policy with all for “managedRuleGroupName” associated with one Policy while not having to create the block of managedRuleGroupIdentifier 4 times

jsteinich · August 26, 2021, 3:01am

If you don’t need to use Terraform variables and can instead use language appropriate configuration, you could create the different groups using a for loop in the language that you are working with.

If you do indeed need to keep using Terraform variables, at this point you’ll need to resort to use overrides that effectively let you write the hcl.

Topic		Replies	Views
For each inside a resource causes "resource already exists error" AWS	1	1146	August 2, 2022
Terraform import for multiple policies Terraform	12	1955	December 5, 2022
Attach multiple policy to single SSO permission set Terraform	2	1407	June 15, 2023
Multiple values for parameters in aws_networkfirewall_rule_group AWS	2	80	September 30, 2024
Multiple counts in a resource Terraform	1	5894	October 21, 2019

Adding multiple "managedRuleGroupName" in the aws_fms_policy resource

Related topics