Default_action block conditional or a variable for wafv2 resource

marcincuber · June 19, 2020, 9:01am

I have following terraform resource:

resource "aws_wafv2_web_acl" "main" {
  name  = var.name_prefix
  scope = "REGIONAL"

  default_action {
    block {}
  }
}

Question: how can I make default_action block so that it can be passed as a variable? Is there some solution using dynamic block that I am not aware of?

I have tried:

  dynamic "default_action" {
    for_each = var.default_action
    content {
      default_action.value
    }
  }

but this is simply failing with an error: An argument or block definition is required here. To set an argument, use the equals sign “=” to introduce the argument value.

Please advise

Tailzip · July 3, 2020, 9:57am

Hi,

You can do something like this :

  default_action {
    dynamic "allow" {
      for_each = __CONDITION__ ? [1] : []

      content {}
    }

    dynamic "block" {
      for_each = _CONDITION__ ? [] : [1]

      content {}
    }
  }