json - How to use iam_policy with condition as optional? - Stack Overflow

admin管理员组

文章数量:1392086

I want to use the terraform resource aws_iam_policy with the policy key set to a complete policy configured in a var and use jsonencode on the value of the var.

I have no issues doing this as long as I am not having the var configured so that the condition part is optional. If i have it set to optional the policy is still generated with a condition key but set to null.

Example code

## var file
variable "policy" {
  type = list(object({
    policy_name = string
    policy_doc = list(objecy({
      Effect = string
      ...
      Condition = optional(map(map(string)))    
    })
  })
}

## Config file
{
  "policy": [
    {
      "policy_name": "somename"
      "policy_doc": [
        {
          ...policy statement with condition...
        },
        {
          ...policy statement without condition...
        }
      ]
    }
  ]
}

## TF file
resource "aws_iam_policy" "my_policy" {
  for_each = {
    for policy in var.policy :
    policy.policy_name => policy.policy_doc
  }
  policy = jsonencode({
    Version = "2017..."
    Statement = each.value
  })
}

As mentioned this generate the condition key on both statements, is where away to get it to work so it only generate it for the one configured with it and using aws_iam_policy resource?

本文标签： jsonHow to use iampolicy with condition as optionalStack Overflow