Conditional creation of part of JSON file

Terraform
1

Hi. I`m trying to create json template file for emr security configuration. Currently I have the following:

 resource "aws_emr_security_configuration" "this" {
      name = "test-configuration"
      configuration = jsonencode({
          "EncryptionConfiguration": {
            "EnableInTransitEncryption": var.emr_in_transit_encryption_enabled,
            "EnableAtRestEncryption": var.emr_at_rest_encryption_enabled
            "InTransitEncryptionConfiguration": {
              "TLSCertificateConfiguration": {
                "CertificateProviderType": "PEM",
                "S3Object": local.emr_s3_object
              }
            },
            "AtRestEncryptionConfiguration": {
              "S3EncryptionConfiguration": {
                "EncryptionMode": "SSE-KMS",
                "AwsKmsKey": var.kms_key_arn
              },
              "LocalDiskEncryptionConfiguration": {
                "EnableEbsEncryption": true,
                "EncryptionKeyProviderType": "AwsKms",
                "AwsKmsKey": var.kms_key_arn
              }
            }
          }
       })
 }

I want that depends on var.emr_in_transit_encryption_enabled variable (true or false) add or remove the following part:

"InTransitEncryptionConfiguration": {
  "TLSCertificateConfiguration": {
    "CertificateProviderType": "PEM",
    "S3Object": local.emr_s3_object
  }
}

I tried

%{ if var.emr_in_transit_encryption_enabled}
"InTransitEncryptionConfiguration": {
  "TLSCertificateConfiguration": {
    "CertificateProviderType": "PEM",
    "S3Object": local.emr_s3_object
  }
}
{endif}

but it does not work
Is it possible to do that?

2

Hi, is there any valid configuration to use conditional expression inside JSON template file?

3

I create my statements in the local variable and put the conditionals in there, but I’m trying to find a way to suppress a statement:

ex:

  security_service_policy_data {
    managed_service_data = jsonencode(
      {
        defaultAction = {
          type = "BLOCK"
        }
        loggingConfiguration              = null
        overrideCustomerWebACLAssociation = false
        postProcessRuleGroups             = []
        preProcessRuleGroups = [
          local.rule_1, local.rule_2, local.rule_3, local.rule_4, local.rule_5, local.rule_6,
          { excludeRules               = [],
            managedRuleGroupIdentifier = null,
            overrideAction             = { type = "NONE" },
            ruleGroupArn               = var.create_ip_set ? aws_wafv2_rule_group.this[0].arn : aws_wafv2_rule_group.this_no_ip_set[0].arn,
          ruleGroupType = "RuleGroup", sampledRequestsEnabled = null }
        ]
        type = "WAFV2",
        sampledRequestsEnabledForDefaultActions = null
      }

    )
    type = "WAFV2"
  }

and in the locals:

locals {
  common_tags = {
    Environment = var.environment
    Application = var.application
  }

  rule_1 = {
    excludeRules = []
    managedRuleGroupIdentifier = {
      managedRuleGroupName = "AWSManagedRulesCommonRuleSet"
      vendorName           = "AWS"
      version              = null
    }
    overrideAction = {
      type = "NONE"
    }
    ruleGroupArn           = null
    ruleGroupType          = "ManagedRuleGroup"
    sampledRequestsEnabled = null
  }

  rule_2 = ( var.admin_rule ? {
    excludeRules = []
    managedRuleGroupIdentifier = {
      managedRuleGroupName = "AWSManagedRulesAdminProtectionRuleSet"
      vendorName           = "AWS"
      version              = null
    }
    overrideAction = {
      type = "NONE"
    }
    ruleGroupArn           = null
    ruleGroupType          = "ManagedRuleGroup"
    sampledRequestsEnabled = null
  } : null )
}

it works, but the null is not acceptable in the final json, still working on that