Conditionally create a service linked policy

throwaway8787 · September 21, 2020, 7:15pm

I’m hitting an idempotency issue: https://github.com/terraform-community-modules/tf_aws_elasticsearch/issues/23

My initial gut re-action is to use count to make this conditional like so:

data "aws_iam_role" "service_linked_role" {
  name = "AWSServiceRoleForAmazonElasticsearchService"
}

resource "aws_iam_service_linked_role" "es" {
  aws_service_name = "es.amazonaws.com"

  count = if data.aws_iam_role.service_linked_role.id != "" ? 0 : 1
}

But, hashicorp has decided they don’t want to support this: https://github.com/hashicorp/terraform/issues/16380

The next option I can think of, is move this out of my modules/aws-elasticsearch up into my main.tf, but it belongs with the elasticsearch code, imho.

Am I stuck making a modules/aws-elasticsearch-setup module which only gets called once??? There has to be a better way!

edit: bug filed https://github.com/terraform-providers/terraform-provider-aws/issues/15252

BrandonALXEllisSS · October 7, 2021, 8:56pm

Just ran into the same issue. Terrible that it was closed like that, I firmly believe this is a very legitimate issue. “just remove it from the module” – then what was the point of having modules in the first place???

Topic		Replies	Views
Unused aws provider/resource failing during plan Terraform	2	956	December 2, 2022
Conditional s3 bucket creation Terraform hcp-terraform	6	2955	July 22, 2022
Bizarre The "count" value depends on resource attributes that cannot be determined until apply error Terraform	13	7093	May 25, 2023
Conditionals in terraform Terraform	5	1057	March 1, 2021
Can I use conditional logic (% if ) in data.aws_iam_policy_document resources Terraform	3	3450	March 18, 2020

Conditionally create a service linked policy

Related topics