Is it possible to turn the access_logs block on and off via the environment_name variable?
One way to achieve this with TF 0.12 onwards is to use dynamic blocks:
dynamic "access_logs" {
for_each = var.environment_name == "production" ? [var.environment_name] : []
content {
bucket = "my-bucket"
prefix = "${var.environment_name}-alb"
}
}
This will create one or zero access_logs blocks depending on the value of var.environment_name.
In the current terraform, the if
statement is only a value and can not be used for the block.
There is a workaround in this case. You can set the enabled
attribute of the access_log
block to false
. Note that this is not a general solution but can only be used with the access_log
block.
access_logs {
bucket = "my-bucket"
prefix = "${var.environment_name}-alb"
enabled = "${var.environment_name == "production" ? true : false }"
}
See also:
- https://www.terraform.io/docs/providers/aws/r/elb.html#access_logs
- https://www.terraform.io/docs/providers/aws/r/alb.html#access_logs
- https://github.com/hashicorp/terraform/pull/11120
Expanding on Juho Rutila's answer as it's too much to fit in a comment.
This is possible using dynamic blocks from v0.12, but I found the properties had to be included in a nested content
block. The for_each
statement is also a bit tricky, so I found it sensible to extract that into a local to make the important stuff more readable:
locals {
isProd = var.environment_name == "production" ? [1] : []
// Not necessary, but just illustrating that the reverse is possible
isNotProd = var.environment_name == "production" ? [] : [1]
}
dynamic "access_logs" {
for_each = local.isProd
content {
bucket = "my-bucket"
prefix = "${var.environment_name}-alb"
}
}
You can read more about dynamic blocks here: https://www.terraform.io/docs/configuration/expressions.html#dynamic-blocks