I'm using the following set up to iterate through my locals. Certain parameters should only be filled in if terraform can grab the data resource. If the data resource DOES NOT EXIST, then it is noted in the parameter and then the resource creation is skipped.
#Only get the data resource if it exists#################################
data "aws_ssm_parameter" "example_parameter" {
count = "${var.does_ssm_parameter_exist == true ? 1 : 0}"
name = "ssm_parameter"
}
#List of parameters for all config rules
locals {
config_rule_params = {
"access_keys_rotated" = {
"input_parameters" = "example"
},
"acm_certificate_expiration_check" = {
#ERROR! Get input parameters from data source if it exists#################################
"input_parameters" = "${var.does_ssm_parameter_exist == "true" ? "${data.aws_ssm_parameter.example_parameter[count.index].value}" : "DOES_NOT_EXIST"}"
}
}
#Only create config rule if input parameters exist
resource "aws_config_config_rule" "parameterised_config_rules" {
for_each = {
for rule, params in local.config_rule_params : rule => params
if params.input_parameters != "DOES_NOT_EXIST"
}
input_parameters = each.value.input_parameters
}
Unfortunately, it seems like I cannot use count.index in this way:
Error: Reference to "count" in non-counted context
"input_parameters" = "${var.does_ssm_parameter_exist == "true" ? "${data.aws_ssm_parameter.example_parameter[count.index].value}" : "DOES_NOT_EXIST"}"
The "count" object can be used only in "resource" and "data" blocks, and only when the "count" argument is set.
Your use of count.index in locals is incorrect. count can be used in resources and modules only, not locals. Thus you have to explicitly specify which parameter index do you want as follows:
"input_parameters" = "${var.does_ssm_parameter_exist == "true" ? "${data.aws_ssm_parameter.example_parameter[0].value}" : "DOES_NOT_EXIST"}"
Depending on the nature of your example_parameter you many need to have regular loop or use splat expression to get all its values.