我有一个带有多个条件块的地形语句,我需要根据条件启用/禁用其中一个:
statement {
sid = "..."
effect = "Deny"
actions = ["s3:PutObject"]
condition {
# ...
}
condition {
test = "ArnNotEquals"
variable = "aws:PrincipalArn"
values = [var.needed_arn]
# I need to have an expression which turns on / off the current condition like this
# enabled = var.environment == "dev" ? true : false
}
}
有可能以某种方式做到这一点吗?如果没有——也许有办法打开/关闭这些语句?提前感谢!
您应该能够使用动态块实现这一点:
statement {
sid = "..."
effect = "Deny"
actions = ["s3:PutObject"]
condition {
# ...
}
dynamic "condition" {
for_each = var.environment == "dev" ? [1] : []
content {
test = "ArnNotEquals"
variable = "aws:PrincipalArn"
values = [var.needed_arn]
}
}
}