How to do dynamic block defines?

I’m trying to create an aws_cognito_identity_provider resource, with dynamic block defines of the provider_details attribute depending on which Cognito Identity provider is used.

resource "aws_cognito_identity_provider" "provider" {
    count                               = length(var.pool_provider.type) > 0 ? 1 : 0

    user_pool_id                        = aws_cognito_user_pool.pool.id
    provider_name                       = var.pool_provider.type
    provider_type                       = var.pool_provider.type

    dynamic "provider_details" {
        for_each = (var.pool_provider.type == "Google" || var.pool_provider.type == "LoginWithAmazon") ? [1] : []
        content {
            authorize_scopes            = "email"
            client_id                   = "your client_id"
            client_secret               = "your client_secret"
        }
    }
}

But that just gives me: Blocks of type “provider_details” are not expected here.

If I instead use

    dynamic "provider_details" = {
        [...]
    }

I get: The equals sign “=” indicates an argument definition, and must not be used when defining a block.

Anyone have any ideas?

@FransUrbo, are you able to find a solution for it? I am also looking for a solution for the same problem.

In a way.

I created a variable and used that.

variable "pool_provider" {
    description                         = "Cognito user pool provider"
    type                                = list(object({
        type                    = string
        name                    = string
        details                 = map(string)
        mappings                = map(string)
    }))
    default                             = []
    validation {
        condition               = alltrue([
            for pp in var.pool_provider : contains(["SAML", "Facebook", "Google", "LoginWithAmazon", "SignInWithApple", "OIDC"], pp.type)
        ])
        error_message           = "Provider type value must be 'SAML', 'Facebook', 'Google', 'LoginWithAmazon', 'SignInWithApple' or 'OIDC'."
    }
}

[...]

resource "aws_cognito_identity_provider" "provider" {
    count                               = length(var.pool_provider) > 0 ? length(var.pool_provider) : 0

    user_pool_id                        = aws_cognito_user_pool.pool.id
    provider_name                       = var.pool_provider[count.index].type
    provider_type                       = var.pool_provider[count.index].type

    provider_details                    = var.pool_provider[count.index].details
    attribute_mapping                   = var.pool_provider[count.index].mappings
}
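A variant of the approach in the answer above, as an added example that is not part of the original thread: `provider_details` is a map argument, so it is assigned a merged map, with the client secrets kept out of the provider list in a separate sensitive variable. The `pool_provider_secrets` variable is hypothetical, and the example assumes the `aws_cognito_user_pool.pool` resource from the thread exists.

```hcl
# Added example: provider list as in the thread, holding non-secret settings only.
variable "pool_provider" {
  description = "Cognito user pool providers (non-secret settings only)"
  type = list(object({
    type     = string
    name     = string
    details  = map(string)
    mappings = map(string)
  }))
  default = []
}

# Hypothetical variable: secret provider_details entries, keyed by provider type,
# e.g. { Google = { client_secret = "..." } }. Supply it through the environment
# (TF_VAR_pool_provider_secrets) or a secrets manager, not a committed .tfvars file.
variable "pool_provider_secrets" {
  description = "Secret provider_details entries per provider type"
  type        = map(map(string))
  default     = {}
  sensitive   = true
}

resource "aws_cognito_identity_provider" "provider" {
  # Keyed by type, so removing one provider does not re-index the others
  # (as count would). Types must be unique, as in the thread's answer.
  for_each = { for pp in var.pool_provider : pp.type => pp }

  user_pool_id  = aws_cognito_user_pool.pool.id
  provider_name = each.key
  provider_type = each.key

  # provider_details is a map argument, so it is assigned with "=";
  # a dynamic block cannot generate it.
  provider_details = merge(
    each.value.details,
    lookup(var.pool_provider_secrets, each.key, {}),
  )
  attribute_mapping = each.value.mappings
}
```

Marking the variable sensitive redacts it from plan output only; Terraform still writes `provider_details`, including the secret, to state, so the state backend needs access control and encryption.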