Dealing with Conflicts in a resource

Hi there everyone!

I’m sure I’m not the first to encounter this challenge with parameter conflicts in a resource.

I have an AWS SQS queue created by the aws_sqs_queue resource in my scenario. I want to change the encryption from the customer master key to the AWS-managed SSE (and vice-versa) without creating a new queue (i.e. just updating the existing one).

Terraform validation doesn’t allow me to define both parameters in the resource, even if both or one is set to null.

Dynamic properties also don’t seem to be a possibility.

How can we deal with resources with a conflict of properties, as explained in the scenario?

Thanks in advance,
Adriaan

But if you’re changing from one to the other, wouldn’t you just delete the existing one entirely at the same time as adding the new one?

Good question. I should have said that we have an internal module that wraps the resource to enforce standards. For that reason, it could have either of the options, depending on the the user’s usage of the module.

It seems to work just fine for me…

variable "toggle" {
  type = bool
}

resource "aws_sqs_queue" "this" {
  sqs_managed_sse_enabled = var.toggle ? true : null
  kms_master_key_id       = var.toggle ? null : "foobar"
}

EDIT: Though I’m only testing using terraform plan … if you’re getting errors at apply time… show us the errors! Guide to asking for help in this forum

Your example actually helped a lot! I just realised my mistake. I set sqs_managed_sse_enabled to false instead of null.

I appreciate your support.

Next time, I will also look at the Guide when asking questions on this forum.