I'm trying to extend a module that wraps AWS Secrets Manager. Currently it doesn't support replication and I'm trying to add it. I'm using Terraform 0.14.
Here's the variable I've added:
    variable "replica_regions" {
      type        = list(string)
      description = "A List of Regions"
      default     = []
    }
And here's what I've added inside the "aws_secretsmanager_secret" resource:
    dynamic "replica" {
      for_each = var.replica_regions
      content {
        region = replica.value
      }
    }
This appears to work in that when I add regions it starts to replicate the secret to those regions. And when I remove regions from the list it stops replicating them there. The only issue is when I try to go from 1 region to zero regions, it doesn't seem to do anything and the secret is still being replicated. This happens when I remove replica_regions from the invocation and when I explicitly set it to [].
Any thoughts on why this is?
It is a bug of terraform-provider-aws. If the bug is fixed, it is expected that secret replication will be deleted when the variable is in the [] state.
This issue should be resolved.
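A post-apply check for the symptom described in the question, added here as an example (it is not code from the question, the answer, or the provider): it compares the `ReplicationStatus` field of `aws secretsmanager describe-secret` output with the `replica_regions` list and reports replicas that still exist in regions the configuration no longer names. The secret name and the JSON sample are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample of `aws secretsmanager describe-secret` output (not real data).
SAMPLE_DESCRIBE_SECRET = json.loads("""
{
  "Name": "example/app/db-password",
  "PrimaryRegion": "us-east-1",
  "ReplicationStatus": [
    {"Region": "us-west-2", "Status": "InSync"}
  ]
}
""")


def replica_drift(describe_secret, desired_regions):
    """Compare live replica regions with the replica_regions list.

    Returns (stale, missing): stale regions still hold a copy of the secret
    that the configuration no longer asks for; missing regions are configured
    but have no replica.
    """
    # ReplicationStatus is absent (or empty) when the secret has no replicas.
    live = {r["Region"] for r in describe_secret.get("ReplicationStatus") or []}
    desired = set(desired_regions)
    return sorted(live - desired), sorted(desired - live)


def check(describe_secret, desired_regions):
    """Return human-readable findings; an empty list means no drift."""
    stale, missing = replica_drift(describe_secret, desired_regions)
    name = describe_secret.get("Name", "<unknown>")
    findings = [f"{name}: replica still present in {r}" for r in stale]
    findings += [f"{name}: replica missing in {r}" for r in missing]
    return findings


if __name__ == "__main__":
    # replica_regions = [] was applied, yet the replica is still reported.
    for line in check(SAMPLE_DESCRIBE_SECRET, []):
        print(line)
```

Running this against real `describe-secret` JSON after each apply catches a secret that is still copied to a region the module was told to stop using.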