How do I pass in a variable of list(map(string || list(string)))

wfeng-fsde · December 1, 2019, 2:54pm

I’m constructing a dynamic block of conditions as part of aws_iam_policy_document as follows:

data "aws_iam_policy_document" "app" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    dynamic "principals" {
      ...
    }

    dynamic "condition" {
      for_each = var.iam_conditions
      iterator = "this"
      content {
        test     = this.operator
        variable = this.variable
        values   = this.values
      }
    }
  }
}

However, I’m having a hard time passing in the variable iam_conditions. list(map(string) won’t work because values is expected to be a list(string). Is it possible to specify the variable type as an or of 2 types string || list(string)?

wfeng-fsde · December 1, 2019, 3:02pm

Oh, never mind. I just realized that I can use the object type:

variable "iam_conditions" {
  description = "test/variable/values entries for conditions that should be applied to the iam role"
  type = list(object({
    operator = string,
    variable = string,
    values   = list(string)
    })
  )
  default = []
}

wfeng-fsde · December 1, 2019, 3:55pm

For anybody who run into this use case, here’s the way I dynamically construct the condition that eventually worked with the above defined type:

data "aws_iam_policy_document" "app" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    dynamic "principals" {
    ...
    }

    dynamic "condition" {
      for_each = var.iam_conditions
      content {
        test     = condition.value.operator
        variable = condition.value.variable
        values   = condition.value.values
      }
    }
  }
}