0 votes

I am trying to create an AWS VPC module using Terraform. I am making the VPC secondary CIDR an optional feature of the module.

If secondary_cidr = true, then create subnets using the secondary_cidr and network ACLs. The issue I am running into is with Network ACLs. Network ACL creation using Terraform uses a list of subnet IDs to associate with the NACL. I want to create one network ACL to associate primary subnets and secondary subnets only when secondary_cidr=true.

See the code below:

```hcl
locals {
  cidr1_subnets = {
    CIDR1_SUBNETS = [aws_subnet.app1-az1.id, aws_subnet.app1-az2.id, aws_subnet.app1-az3.id]
  }
  cidr2_subnets = {
    exists = {
      CIDR2_SUBNETS = [aws_subnet.app2-az1.id, aws_subnet.app2-az2.id, aws_subnet.app2-az3.id]
    }
    not_exists = {}
  }
}

resource "aws_network_acl" "app" {
  vpc_id = aws_vpc.main.id

  egress {
    protocol   = "-1"
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  ingress {
    protocol   = "-1"
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  # Intended: associate the secondary subnets only when secondary_cidr is true
  subnet_ids = merge(
    local.cidr1_subnets,
    local.cidr2_subnets[var.secondary_cidr == true ? true : false]
  )

}
```


1 Answer

1 vote

I think you are after the following:

```hcl
subnet_ids = var.secondary_cidr == true ? merge(local.cidr1_subnets, local.cidr2_subnets) : local.cidr1_subnets
```

Btw, your locals and the use of merge will fail anyway, but that is a problem for another issue, I guess.
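A version of the locals that works with the answer's conditional, as an added example that is not part of the question or the answer. It goes a step beyond the thread by also handling the case where the secondary subnets do not exist: it assumes the `app2-*` subnets are created with `count` driven by `var.secondary_cidr` (not stated in the question), and the `cidr_block` values are constructed samples.

```hcl
variable "secondary_cidr" {
  type    = bool
  default = false
}

# Assumption (not from the question): the secondary-CIDR subnets are created
# with count, so they simply do not exist when secondary_cidr is false.
resource "aws_subnet" "app2-az1" {
  count      = var.secondary_cidr ? 1 : 0
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.1.1.0/24" # constructed sample value
}
resource "aws_subnet" "app2-az2" {
  count      = var.secondary_cidr ? 1 : 0
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.1.2.0/24" # constructed sample value
}
resource "aws_subnet" "app2-az3" {
  count      = var.secondary_cidr ? 1 : 0
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.1.3.0/24" # constructed sample value
}

locals {
  # subnet_ids takes a set of subnet ID strings, so build lists rather than
  # maps: merge() accepts only maps and its result is not valid for subnet_ids.
  cidr1_subnet_ids = [aws_subnet.app1-az1.id, aws_subnet.app1-az2.id, aws_subnet.app1-az3.id]

  # A splat over a count resource yields [] when count is 0, so this concat()
  # is empty whenever the secondary CIDR is disabled.
  cidr2_subnet_ids = concat(
    aws_subnet.app2-az1[*].id,
    aws_subnet.app2-az2[*].id,
    aws_subnet.app2-az3[*].id,
  )

  # The answer's conditional, written over lists. Because cidr2_subnet_ids is
  # already [] when disabled, a plain concat() of both lists would also work.
  app_subnet_ids = var.secondary_cidr ? concat(local.cidr1_subnet_ids, local.cidr2_subnet_ids) : local.cidr1_subnet_ids
}

resource "aws_network_acl" "app" {
  vpc_id     = aws_vpc.main.id
  subnet_ids = local.app_subnet_ids
  # ingress and egress rules as in the question
}
```

In a real module the secondary range must also be attached to the VPC with `aws_vpc_ipv4_cidr_block_association` before subnets can be carved from it.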