Hi everyone, I am trying to iterate over a list of strings (EKS cluster roles) and would like to generate an output for the aws-auth configmap if the role name matches with the IAM role ARNs which are being iterated over in the outer loop. Since the IAM role includes a non-predictable random part, the match should be based on a substring, ideally provided by replacing the variable of the cluster role string. I am thinking of something like this (pseudo-code):
    locals {
      sso_arns = [for group in local.permission_sets.clustername : {
        groups   = [group]
        username = "${group}:{{SessionName}}"
        # rolearn must be a single string in aws-auth, so take the one matching role instead of a set
        rolearn  = one([for role in data.aws_iam_roles.sso_roles.names : role if role == group])
      }]
      map = yamlencode(local.sso_arns)
    }
I am unsure about the if condition to match role with group and think that a regex filter might make more sense, but then I have the problem of a variable substitution within the expression and I have no idea if this is even possible with Terraform by doing something like this:
    # regex() raises an error when there is no match, so wrap it in can() to get a boolean for the filter
    rolearn = one([for role in data.aws_iam_roles.sso_roles.names : role if can(regex(".*${group}.*", role))])
Obviously, the part with ${group} would require proper escaping but this is where I am lost and I’d really appreciate any help here.
Thanks!
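A worked version of the filtering described in the question, added here as an example; it is not code from the original post. It replaces `data.aws_iam_roles.sso_roles` with a constructed map of role names to ARNs, uses an assumed `local.cluster_groups` in place of `local.permission_sets.clustername`, and assumes the IAM Identity Center naming pattern `AWSReservedSSO_<PermissionSet>_<random>` for the role names. It can be dropped into an empty directory and checked with `terraform plan` or `terraform console` without any provider credentials.

```hcl
locals {
  # Constructed stand-in for data.aws_iam_roles.sso_roles: role name => role ARN.
  # Real names end in a random suffix; real ARNs carry the sso.amazonaws.com path.
  sso_role_arns = {
    "AWSReservedSSO_EKSAdmin_3f9a1c2b4d5e6f70"         = "arn:aws:iam::111122223333:role/aws-reserved/sso.amazonaws.com/eu-west-1/AWSReservedSSO_EKSAdmin_3f9a1c2b4d5e6f70"
    "AWSReservedSSO_EKSAdminReadOnly_0a1b2c3d4e5f6a7b" = "arn:aws:iam::111122223333:role/aws-reserved/sso.amazonaws.com/eu-west-1/AWSReservedSSO_EKSAdminReadOnly_0a1b2c3d4e5f6a7b"
    "AWSReservedSSO_Billing_9c8d7e6f5a4b3c2d"          = "arn:aws:iam::111122223333:role/aws-reserved/sso.amazonaws.com/eu-west-1/AWSReservedSSO_Billing_9c8d7e6f5a4b3c2d"
  }

  # Assumed input: the permission sets that should be mapped into this cluster.
  cluster_groups = ["EKSAdmin", "EKSAdminReadOnly"]

  sso_mappings = [
    for group in local.cluster_groups : {
      groups   = [group]
      username = "${group}:{{SessionName}}"
      # one() makes the plan fail unless exactly one role matched: neither a silent
      # empty mapping nor two roles accidentally collapsed onto one group.
      rolearn = one([
        for name, arn in local.sso_role_arns :
        # aws-auth does not accept the "aws-reserved/sso.amazonaws.com/<region>/"
        # path segment, so rebuild the ARN as "<prefix>:role/<name>".
        "${split("/", arn)[0]}/${name}"
        # Anchored pattern: "^AWSReservedSSO_${group}_" so that "EKSAdmin" does not
        # also match "EKSAdminReadOnly". Terraform interpolates ${group} into the
        # pattern string directly; can() turns regex()'s no-match error into false.
        if can(regex("^AWSReservedSSO_${group}_", name))
      ])
    }
  ]
}

output "aws_auth_map_roles" {
  # Constructed aws-auth mapRoles document built from the matches above.
  value = yamlencode({ mapRoles = local.sso_mappings })
}
```

The only escaping concern with `${group}` inside the pattern is the group name itself: a permission-set name containing regex metacharacters such as `.` or `+` would need those characters escaped, since Terraform has no regex-quote function. If the cluster runs Terraform 1.3 or newer, `startswith(name, "AWSReservedSSO_${group}_")` gives the same anchored match without any regex at all. Anchoring matters from an access-control standpoint: an unanchored `.*${group}.*` would map the `EKSAdminReadOnly` role into the `EKSAdmin` Kubernetes group as well.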