1
votes

I want to set an AWS policy dynamically, setting variables to call the aws_iam_policy resource. The variables file is as follows:

variables.tf

variable "name" {
  default = ""
  type = string
}

variable "policy" {
  default = ""
  type = string
}

In main.tf

resource "aws_iam_policy" "my_policy" {
  name   = var.name
  policy = var.policy
}

When I run tflint:

The name var got:

Error: name must be 1 characters or higher (aws_iam_policy_invalid_name)
Error: "" does not match valid pattern ^[\w+=,.@-]+$ (aws_iam_policy_invalid_name)

The policy var got:

Error: policy must be 1 characters or higher (aws_iam_policy_invalid_policy)
Error: "" does not match valid pattern ^[\x{0009}\x{000A}\x{000D}\x{0020}-\x{00FF}]+$ (aws_iam_policy_invalid_policy)

Can't it be set to an empty string "" if I don't set a policy by default?

1 Answers

1
votes

A managed policy name can't be an empty string. At least 1 character is required, following the [\w+=,.@-]+ pattern.

But to auto-generate the name if you have an empty string, you can try the following:

resource "aws_iam_policy" "my_policy" {
  count  = var.policy != "" ? 1 : 0 
  name   = var.name != "" ? var.name : null
  policy = var.policy
}
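
Added example, not part of the original answer: a variant of the same approach that uses null instead of "" as the "not set" default, and checks supplied values with variable validation blocks before they reach the resource. The name pattern is the one quoted in the tflint output above; the JSON check on the policy document and the output name policy_arn are assumptions made for this illustration.

```hcl
# Example only: null (not "") means "not provided".
variable "name" {
  type        = string
  default     = null
  description = "Policy name. Leave unset to let the provider generate one."

  validation {
    # Same character set tflint reports for aws_iam_policy_invalid_name.
    condition     = var.name == null ? true : can(regex("^[\\w+=,.@-]+$", var.name))
    error_message = "The name must be at least 1 character from the set [A-Za-z0-9_+=,.@-]."
  }
}

variable "policy" {
  type        = string
  default     = null
  description = "IAM policy document as a JSON string. Leave unset to create no policy."

  validation {
    # Assumption for this example: reject anything that is not parseable JSON,
    # which also rejects the empty string.
    condition     = var.policy == null ? true : can(jsondecode(var.policy))
    error_message = "The policy must be a non-empty, valid JSON document."
  }
}

resource "aws_iam_policy" "my_policy" {
  # Create the policy only when a document was supplied.
  count = var.policy == null ? 0 : 1

  # A null name is treated as omitted, so a unique name is generated.
  name   = var.name
  policy = var.policy
}

# With count, the resource is a list; one() returns the single ARN,
# or null when no policy was created. Output name is hypothetical.
output "policy_arn" {
  value = one(aws_iam_policy.my_policy[*].arn)
}
```

With these defaults, a caller who passes "" for either variable gets a validation error at plan time instead of an invalid value being sent to the resource.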