Condition on a map (of objects) in for_each

Hi all,

I am trying to create a re-usable company module for creating S3 buckets. I want to set a condition if a given resource will be created or not (lifecycle rules for example) per bucket. So I am using the following variable and for_each in every resource.

variable "bucket_details" {
  type = map(object({
    bucket_name      = string
    enable_lifecycle = bool
  }))
}
resource "aws_s3_bucket" "compliant_s3_bucket" {
  for_each = var.bucket_details

  bucket = each.value["bucket_name"]
  # ...
}

I am referencing the module like that:

module "s3_buckets" {
  source = "./modules/aws-s3-testing"

  bucket_details = {
    "fisrtbucketname" = {
      bucket_name      = "onlythefisrtbuckettesting"
      enable_lifecycle = true
    }
    "secondbuckdetname" = {
      bucket_name      = "onlythesecondbuckettesting"
      enable_lifecycle = false
    }
  }
}

But can I use for_each with an if statement based on the “enable_lifecycle” key status (true/false) and create the lifecycle rules only for the bucket(s) I want?

Thank you in advance.

Hi again,
I managed to solve the problem above, but I want to go a bit deeper. I think it is not possible (yet), but still. What I am trying to achieve is the following. Now some buckets may have a lifecycle rule set, some may not.


  • My new var:
variable "bucket_details" {
  type = map(object({
    bucket_name      = string
    enable_lifecycle = bool
    glacier_ir_days  = number
    glacier_days     = number
  }))
}

  • How I go through the map on the lifecycle resource:
resource "aws_s3_bucket_lifecycle_configuration" "compliant_s3_bucket_lifecycle_rule" {
  for_each = { for bucket, values in var.bucket_details : bucket => values if values.enable_lifecycle }

  depends_on = [aws_s3_bucket_versioning.compliant_s3_bucket_versioning]

  bucket = aws_s3_bucket.compliant_s3_bucket[each.key].bucket

  rule {
    id     = "basic_config"
    status = "Enabled"
    abort_incomplete_multipart_upload {
      days_after_initiation = 7
    }

    transition {
      days          = each.value["glacier_ir_days"]
      storage_class = "GLACIER_IR"
    }

    transition {
      days          = each.value["glacier_days"]
      storage_class = "GLACIER"
    }

    expiration {
      days = 2555
    }

    noncurrent_version_transition {
      noncurrent_days = each.value["glacier_ir_days"]
      storage_class   = "GLACIER_IR"
    }

    noncurrent_version_transition {
      noncurrent_days = each.value["glacier_days"]
      storage_class   = "GLACIER"
    }

    noncurrent_version_expiration {
      noncurrent_days = 2555
    }
  }
}

  • How I reference the module currently:
module "s3_buckets" {
  source = "./modules/aws-s3-compliance"

  #

  bucket_details = {
    "fisrtbucketname" = {
      bucket_name      = "onlythefisrtbuckettesting"
      enable_lifecycle = true
      glacier_ir_days  = 555
      glacier_days     = 888
    }
    "secondbuckdetname" = {
      bucket_name      = "onlythesecondbuckettesting"
      enable_lifecycle = false
      glacier_ir_days  = 0
      glacier_days     = 0
    }
  }
}

My question is - is there a way to check if the enable_lifecycle is set to false, to not expect values for glacier_ir_days & glacier_days?

Thank you in advance.
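
Added example, not part of the original posts: one way to let callers omit glacier_ir_days and glacier_days when lifecycle rules are disabled is to mark them as optional object attributes and add a validation rule that requires them only when enable_lifecycle is true. It assumes Terraform 1.3 or later (for optional() with defaults); the local name lifecycle_buckets and the error message wording are made up for this sketch.

```hcl
# --- in the module (./modules/aws-s3-compliance), variables file ---
variable "bucket_details" {
  type = map(object({
    bucket_name      = string
    enable_lifecycle = optional(bool, false) # omitted => no lifecycle rules
    glacier_ir_days  = optional(number)      # omitted => null
    glacier_days     = optional(number)      # omitted => null
  }))

  # Fail at plan time if a bucket enables lifecycle rules but leaves a
  # transition age unset, instead of surfacing a provider error later.
  validation {
    condition = alltrue([
      for b in values(var.bucket_details) :
      !b.enable_lifecycle || (b.glacier_ir_days != null && b.glacier_days != null)
    ])
    error_message = "Buckets with enable_lifecycle = true must set glacier_ir_days and glacier_days."
  }
}

# Same filter as the for_each in the post, kept in one place so every
# lifecycle-related resource iterates over the same subset of buckets.
locals {
  lifecycle_buckets = {
    for bucket, values in var.bucket_details : bucket => values
    if values.enable_lifecycle
  }
}

# --- in the calling configuration ---
module "s3_buckets" {
  source = "./modules/aws-s3-compliance"

  bucket_details = {
    "fisrtbucketname" = {
      bucket_name      = "onlythefisrtbuckettesting"
      enable_lifecycle = true
      glacier_ir_days  = 555
      glacier_days     = 888
    }
    "secondbuckdetname" = {
      bucket_name = "onlythesecondbuckettesting"
      # enable_lifecycle, glacier_ir_days and glacier_days omitted
    }
  }
}
```

The lifecycle resource can then use for_each = local.lifecycle_buckets; because the validation block guarantees non-null values for every bucket that passes the filter, each.value["glacier_ir_days"] and each.value["glacier_days"] are always set inside it.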