I have a list of policies in custom_role_policies, which is a list of maps in the main module. For now I am passing the policy heredoc directly in tfvars, which I don't want. I would like to use the file function in locals to load the file that has the same name as the policy. Is that possible?
I am using this locals block to convert the variable's keys into a map of module instances, instead of writing separate modules.
file/folder structure
.
├── main.tf
├── policies
│ ├── test_policy1.json
│ └── test_policy2.json
├── provider.tf
├── roles.tfvars
├── terragrunt.hcl
└── variables.tf
1 directory, 7 files
My tfvars
---
# Per-role settings read by the locals block in main.tf.
# Each top-level key ("test_role" here) becomes the role name.
roles_config = {
"test_role" = {
role_path = "/service-role/"
# Trust policy supplied inline as a heredoc string; this is the part the
# author wants to move out of tfvars and into a file.
custom_role_trust_policy = <<POLICY #### Instead of using as direct json statement in tfvars
SOMETHING IN JSON
POLICY
# Gate read by locals: custom_role_policies is only passed on when this is true.
custom_policies_needed = true
custom_role_policies = [
{
name = "test_policy1"
# A .tfvars file accepts literal values only, so both the file() call and the
# path.module reference below are rejected when the file is loaded.
# NOTE(review): name_of_the_policy.json is a placeholder; the tree above
# lists policies/test_policy1.json for this entry.
policy = file("${path.module}/policies/name_of_the_policy.json") #### This is not allowed in tfvars
},
{
name = "test_policy2"
# Same restriction as the first entry: no function calls or references in tfvars.
policy = file("${path.module}/policies/name_of_the_policy.json") #### This is not allowed in tfvars
}
]
},
}
Here is my main.tf
---
# Instantiates the iam-role-with-policy module once per entry of
# local.roles_config, keyed by the entry's name.
module "mi-roles" {
source = "../../../modules/iam-role-with-policy"
# Turn the list built in locals into a map keyed by role name, as for_each requires.
for_each = { for rolesconfig in local.roles_config : rolesconfig.name => rolesconfig }
create_role = true
role_name = each.key
# try() with a single argument has no fallback: it returns the value or fails
# exactly as the bare expression would. Defaults, where this file has any,
# are applied in the locals block.
role_path = try(each.value.role_path)
# NOTE(review): no default for the trust policy is visible in this file, so a
# role defined without one presumably fails at plan time instead of receiving
# an implicit policy - confirm against the variable type in variables.tf.
custom_role_trust_policy = try(each.value.custom_role_trust_policy)
custom_role_policy_arns = try(each.value.custom_role_policy_arns)
# List of { name, policy } maps, or [] when custom_policies_needed is not true.
custom_role_policies = try(each.value.custom_role_policies)
# Fed from the inline_policies attribute that locals derives from custom_inline_policies.
managed_role_inline_policies = try(each.value.inline_policies)
tags = {
"RoleName" = try(each.key)
}
}
# Normalises var.roles_config (a map keyed by role name) into a flat list of
# objects, filling in defaults for the optional attributes.
locals {
roles_config = flatten([
for roles_key, roles_value in var.roles_config : [
# range(1) produces a single iteration, so each role contributes exactly one
# object; flatten() then removes the extra level of nesting.
for roles_count in range(1) : {
name = try(roles_key)
# Falls back to "/" when the role does not set role_path.
role_path = try(roles_value.role_path, "/")
# Falls back to an empty list when no policy ARNs are given.
custom_role_policy_arns = try(roles_value.custom_role_policy_arns, [])
# No fallback argument: the value is passed through unchanged, and an
# evaluation error here is not suppressed.
custom_role_trust_policy = try(roles_value.custom_role_trust_policy)
# The list is used as given only when custom_policies_needed is true; a
# missing or false flag yields [] and any policies listed are ignored.
# NOTE(review): unlike tfvars, locals may call functions, so this is where
# each entry's document could be read from policies/<name>.json with file().
# If that is done, restrict name to a plain file name so a value supplied in
# tfvars cannot point the path outside the policies directory.
custom_role_policies = try(roles_value.custom_policies_needed, false) ? roles_value.custom_role_policies: []
# Gated by inline_policies_needed, but reads custom_inline_policies; when the
# flag is true that attribute has to exist, since this branch has no try().
inline_policies = try(roles_value.inline_policies_needed, false) ? roles_value.custom_inline_policies : []
}
]
])
}