Terraform - don't create resource if data source does not exist

Question

I'm using the following set up to iterate through my locals. Certain parameters should only be filled in if terraform can grab the data resource. If the data resource DOES NOT EXIST, then it is noted in the parameter and then the resource creation is skipped.

#Only get the data resource if it exists#################################
data "aws_ssm_parameter" "example_parameter" {
  count        = "${var.does_ssm_parameter_exist == true ? 1 : 0}"
  name         = "ssm_parameter"
}

#List of parameters for all config rules
locals {   
  config_rule_params = {
      "access_keys_rotated" = {
          "input_parameters" = "example"
      },
      "acm_certificate_expiration_check" = {
          #ERROR! Get input parameters from data source if it exists#################################
          "input_parameters" = "${var.does_ssm_parameter_exist == "true" ? "${data.aws_ssm_parameter.example_parameter[count.index].value}" : "DOES_NOT_EXIST"}"
      }
  }

#Only create config rule if input parameters exist
resource "aws_config_config_rule" "parameterised_config_rules" {
  for_each = {
    for rule, params in local.config_rule_params : rule => params
    if params.input_parameters != "DOES_NOT_EXIST"
  }
  input_parameters            = each.value.input_parameters
}

Unfortunately, it seems like I cannot use count.index in this way:

Error: Reference to "count" in non-counted context
"input_parameters" = "${var.does_ssm_parameter_exist == "true" ? "${data.aws_ssm_parameter.example_parameter[count.index].value}" : "DOES_NOT_EXIST"}"
The "count" object can be used only in "resource" and "data" blocks, and only when the "count" argument is set.

Marcin · Accepted Answer · 2020-12-28T22:06:12.757

1

Your use of count.index in locals is incorrect. count can be used in resources and modules only, not locals. Thus you have to explicitly specify which parameter index do you want as follows:

"input_parameters" = "${var.does_ssm_parameter_exist == "true" ? "${data.aws_ssm_parameter.example_parameter[0].value}" : "DOES_NOT_EXIST"}"

Depending on the nature of your example_parameter you many need to have regular loop or use splat expression to get all its values.

edited Dec 28 '20 at 22:06

answered Dec 28 '20 at 22:03

Marcin

215,873
14
235
294

1

This did the trick. Seems like any index will do as long as the 'count' reference isn't included in locals as you mentioned. Thanks a lot! – J. Patwary Dec 28 '20 at 22:06

Terraform - don't create resource if data source does not exist

1 Answers1