https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_object_lock_configuration

So basically I want to make a resource creation optional only if the variable object_lock_enabled is declared. It's an optional variable and if it exists, the bucket recreation is forced and I don't want that with other environments, only for the production.

prod.tfvars

    object_lock_enabled = true

main.tf

    module "voucher_s3_bucket" {
      source  = "terraform-aws-modules/s3-bucket/aws"
      version = "3.4.0"
    
      bucket                                = local.voucher_bucket_name
      object_lock_enabled                   = var.object_lock_enabled
    }
.
.
.
    resource "aws_s3_bucket_object_lock_configuration" "example" {
      bucket = "mybucket"
    
      rule {
        default_retention {
          mode = "COMPLIANCE"
          days = 5
        }
      }
    }

variables.tf

    variable "object_lock_enabled" {
      description = "Enable object lock on bucket"
      type        = bool
      default     = null
    }

But `TF_VAR_env=platform terragrunt plan` returns `Error during operation: argument must not be null`. I tried adding this line to the configuration resource block:

    count = var.object_lock_enabled == null ? 0 : 1

But I still get the same error.

Marko E
joe1531
  • 1
    Please add how you are using count. Otherwise, the answer you got is a correct one. You cannot set a bool variable to null. – Marko E Nov 17 '22 at 11:25

1 Answer

2

You can just use false instead of null as a default value:

    variable "object_lock_enabled" {
      description = "Enable object lock on bucket"
      type        = bool
      default     = false # <----
    }

and keep:

    object_lock_enabled = var.object_lock_enabled

Youcef LAIDANI
  • https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_object_lock_configuration#argument-reference I haven't tried it, but here in the documentation it says that the variable object-lock-enabled will force the recreation of the bucket even if it's false, right? – joe1531 Nov 17 '22 at 11:01
  • I don't understand what you mean, but I think you misunderstand what the lock means. Check this: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html. There is no relation between the object lock and bucket recreation!! – Youcef LAIDANI Nov 17 '22 at 11:06
  • 2
    Ah, I see where @joe1531 is coming from. So, actually, the object lock can have a value of `Enabled` only. It probably will not work with boolean values. However, @YoucefLaidani's answer is correct if that is fixed. Note that toggling object locking will recreate the **object lock resource** not the bucket as far as I understand. – Marko E Nov 17 '22 at 11:51
  • 1
    Indeed. I tried with the false value, the issue was fixed and I did not get the recreation even though the value was added as false. – joe1531 Nov 17 '22 at 12:14
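
The pieces of this thread combined into one configuration, as an added example that is not code from the question or the answer: the variable defaults to `false` instead of `null`, and `count` gates the lock configuration so only the environment that sets the variable to `true` gets it. Assumptions: Terraform 1.1 or later for `nullable`, the module's `s3_bucket_id` output, a constructed bucket name, and a hypothetical resource label `voucher`.

```hcl
# Added example; the bucket name and the "voucher" resource label are constructed.
locals {
  voucher_bucket_name = "example-voucher-bucket"
}

variable "object_lock_enabled" {
  description = "Enable object lock on bucket"
  type        = bool
  default     = false # false, not null: every use below needs a real bool
  nullable    = false # Terraform 1.1+: an explicit null input falls back to the default
}

module "voucher_s3_bucket" {
  source  = "terraform-aws-modules/s3-bucket/aws"
  version = "3.4.0"

  bucket              = local.voucher_bucket_name
  object_lock_enabled = var.object_lock_enabled
}

# Created only where the variable is true (prod.tfvars). Other environments get
# zero instances, so their plan contains no lock configuration resource.
resource "aws_s3_bucket_object_lock_configuration" "voucher" {
  count  = var.object_lock_enabled ? 1 : 0
  bucket = module.voucher_s3_bucket.s3_bucket_id

  rule {
    default_retention {
      # COMPLIANCE retention cannot be shortened or removed by any user,
      # including the account root, until it expires.
      mode = "COMPLIANCE"
      days = 5
    }
  }
}
```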