Hi, I think it will really helpful if someone could create a simple tutorial on Terraform console. I understand it is very powerful and helpful.
I have not been able to find enough documentation.
Thanks !
Hi @Jim420!
Could you share a little more detail about what exactly you want to do with terraform console?
Hi @apparentlymart,
Thank you for your reply.
I am trying to create a policy document for a LIST of s3 objects or dynamodb table. At present I create a text file and use the aws_iam_role_policy ( nothing fancy but works)
Here are the steps I was thinking using the new for-each feature :
1 Define a list of variables ( buckets or dynamodb tables)
variable “bn” {
type = “list”
default = [“test-prod”,“test-dev”,“test-qa”]
}
- Define another static variable:
variable “arn” {
default = “arn:aws:s3:::”
}
- Using for-each and join/concat create a final list to define Resource
Resource = [
“arn:aws:s3:::test-prod/",
"arn:aws:s3:::test-dev/”,
“arn:aws:s3:::test-qa/*”
]
- Finally, define the policy document using aws_iam_policy_document:
data “aws_iam_policy_document” “buckets_policy” {
statement {
sid = “bucket_policy”
actions = [“s3:"]
Resource = [ "arn:aws:s3:::test-prod/”,
“arn:aws:s3:::test-dev/",
"arn:aws:s3:::test-qa/” ]}
}
Really appreciate your help and magic here.
Thanks !
Hi @Jim420,
You can create the resource ARNs you are looking for with a for expression like this:
resources = [
for bn in var.bn : "${var.arn}${bn}/*"
]
Unless you will need to override arn:aws:s3::: in some cases or will use it in many locations I’d probably just write it literally in the expression above, but I used the variable here to provide the most direct answer to your question.
Does that help you get the result you needed here?
(Unfortunately the forum interpreted your code sequences as block quotes rather than code, so they may have been corrupted and I might not be reading them correctly. To ensure correct literal formatting of your code blocks, it’s best to use the “Preformatted Text” button on the editor toolbar (it looks like a pair of pointy brackets, <>) to add markup so that the forum can tell that you intend that portion to be code. If what I shared above doesn’t answer your question because I misread your examples, it’d be great if you could edit your post to improve the formatting. Thanks!)
2 Likes
Thanks @apparentlymart
-
I am unable to edit as I get an error message saying that it is too late to edit.
-
Yes, This is exactly what I was looking to do but how can do the same in terraform console to confirm that I am getting the desired results.
-
I can see the two variables ( var.arn and var.bn) in terraform console
terraform console
var.arn
arn:aws:s3:::
var.bn
[
“test-prod”,
“test-dev”,
“test-qa”,
]
Question, how can test the output of the following code which you have written ?
resources = [
for bn in var.bn : "${var.arn}${bn}/*"
]
Thanks again.
You can paste the expression part of that attribute definition into the terraform console prompt:
> [ for bn in var.bn : "${var.arn}${bn}/*" ]
[
"arn:aws:s3:::test-prod/*",
"arn:aws:s3:::test-dev/*",
"arn:aws:s3:::test-qa/*",
]
1 Like
@apparentlymart
Amazing !
Very helpful.
Can you show me one more example ( may be your favorite) of trying out interpolations ?
THANKS !