If Statements Inside Terraform Dynamic Blocks

Posted by Miguel Lopez on Tue 24 January 2023 in terraform

Technical Stack: AWS, Terraform

Read: 5 minutes

Introduction

The default_action for the Terraform aws_lb_listener resource is known as a Terraform configuration block. Configuration blocks can be wrapped in a dynamic block to conditionally include different configurations blocks for a resource.

More Info on Dynamic Blocks.

After reading this, you will understand:

  • How to include multiple default_action blocks for the Terraform aws_lb_listener resource.
  • How to make an optional default_action block.
  • How to write an if-statement for default_action using a dynamic block.

If Statements Inside Dynamic Blocks

Creating an if-statement inside a dynamic block is pretty simple.

The basic setup looks like this:

dynamic "default_action" {
    for_each = var.default_action_type == "authenticate-oidc" ? [1] : []
    ...
}

You'll use the for_each loop to create the dynamic "default_action" {} when the var.default_action_type == "authenticate-oidc".

This example returns [1] when the conditional if-statement is true.

The [1] passed back to the for_each means the dynamic "default_action" will be created.

Real Terraform Examples

Here's how to use these if-statements in Terraform:

  • Notice the two conditionals if-statements for the two different dynamic "default_action" {} blocks in the aws_lb_listener resource.
  • The default_action is selected by a matching the var.default_action_type to dynamic block.

Use var.target_group_arn for var.default_action_type == "forward" to include the target group.

Use var.authenticate_oidc for var.default_action_type == "authenticate-oidc" to include oidc configuration.

resources.tf

resource "aws_lb_listener" "listener" {
  load_balancer_arn = aws_lb.application.arn

  port     = var.port
  protocol = var.protocol

  # Allow Forward Action
  dynamic "default_action" {
    for_each = var.default_action_type == "forward" ? [1] : []
    content {
      type = "forward"
      forward {
        target_group_arn                    = var.target_group_arn
      }
    }
  }

  # Allow Authenticate-OIDC Action
  dynamic "default_action" {
    for_each = var.default_action_type == "authenticate-oidc" ? [1] : []
    content {
      type = "authenticate-oidc"
      authenticate_oidc {
        authorization_endpoint              = lookup(var.authenticate_oidc, "authorization_endpoint")
        client_id                           = lookup(var.authenticate_oidc, "client_id")
        client_secret                       = lookup(var.authenticate_oidc, "client_secret")
        issuer                              = lookup(var.authenticate_oidc, "issuer")
        token_endpoint                      = lookup(var.authenticate_oidc, "token_endpoint")
        user_info_endpoint                  = lookup(var.authenticate_oidc, "user_info_endpoint")
        scope                               = lookup(var.authenticate_oidc, "scope", null)
        session_timeout                     = lookup(var.authenticate_oidc, "session_timeout", 2628000)
        authentication_request_extra_params = lookup(var.authenticate_oidc, "authentication_request_extra_params", null)
      }
    }
  }

variables.tf

variable "port" {
  default = 80
  type    = number
}

variable "protocol" {
  default = "HTTP"
  type    = string
}

variable "default_action_type" {
  description = "Type of Default Action"
}

variable "authenticate_oidc" {
  default = null
  type    = map(any)
}

variable "target_group_arn" {
  default = null
  type    = string
}

Conclusion

All done for now. Hopefully that helps!

Terraform is an Infrastructure-as-Code tool that enables to you safely manage and deploy infastructure on multiple cloud providers.

Read More About Terraform

local terraform terragrunt aws amazon dynamic modules django python cloud eventbridge sns s3 sqs if if-statements logic if-logic conditional aws_lb_listener resource