Tags: amazon-web-services, terraform, terraform-provider-aws

Terraform's resource `aws_cloudformation_stack_set_instance` does not grab my parameter_override

I'm confused about how this works and there's not much documentation, so I'm hoping to give a clear problem statement for my question.

I have this code which creates StackSets for my service. I want to create buckets that are associated with the AWS Accounts I have which I created a module to interact with. I'll go 1:1.

Here is my module as an example:

locals {
  account_alias = {
    "merry" = "2342342342343"
    "alpha" = "234234234234"
    "sandbox-fuu" = "234234234234"
    "sandbox-fire" = "290823749834"
    "sandbox-doo" = "23423423423"
  }
}

output "map" {
  description = "Map of human-friendly account alias to string numerical account ID (strings because leading 0 are important)"
  value       = local.account_alias
}

I then use this resource to loop through my aws_cloudformation_stack_set_instance:

resource "aws_cloudformation_stack_set_instance" "instance" {
  for_each       = var.environment == "sandbox" ? { for key, value in module.account_alias.map : key => value if can(regex("^sandbox-", key)) } : module.account_alias.map
  depends_on     = [aws_cloudformation_stack_set.base]
  region         = var.region
  stack_set_name = aws_cloudformation_stack_set.base.name

  account_id = each.value

  parameter_overrides = {
    bucketName = each.key
  }
}

When I run terraform plan, I get the output of the 3 resources that have sandbox-* accounts which works correctly. The output of the plan is like this:

  + resource "aws_cloudformation_stack_set_instance" "instance" {
      + account_id          = "23432432433e33"
      + id                  = (known after apply)
      + parameter_overrides = {
          + "bucketName" = "sandbox-fire"
        }
      + region              = "us-west-1"
      + retain_stack        = false
      + stack_id            = (known after apply)
      + stack_set_name      = "fuu-fuu-sandbox"
    }

Now here is where the issue arises. When I run terraform apply, I have a baseline aws_cloudformation_stack_set which uses the YAML file for my bucket creation. bucketName has an empty-string default, which I would like parameter_overrides to replace with the value for the designated AWS account, but what happens is that I do not get that value; instead I get the empty string '' for all environments. What would I need to do to resolve this error?

Parameters:
  bucketName:
    Type: String
    Default: ''

Resources:
  GlobalS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration:
        Status: Enabled
      BucketName: !Sub fire-bucket-${bucketName}-${AWS::Region}
      AccessControl: Private
      LifecycleConfiguration:
        Rules:
          - Id: MoveTfStateFilesToStandardIAToGlacierToNothing
            Status: Enabled
            NoncurrentVersionTransitions:
              - TransitionInDays: 30
                StorageClass: STANDARD_IA
              - TransitionInDays: 60
                StorageClass: GLACIER
            NoncurrentVersionExpirationInDays: 730

EDIT: This will show the aws_cloudformation_stack_set where it calls the YAML file for CF:

resource "aws_cloudformation_stack_set" "base" {
  name        = "fuu-fuu-${var.environment}"

  template_body = file("${path.module}/files/code.yaml")

  parameters = {
    MasterId = var.master_account_id
  }

  administration_role_arn = var.stack_set_administration_role_arn
  execution_role_name     = var.execution_role_name
}
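
An added check (not part of the question or any answer) for the symptom described above: it reads the ParameterOverrides that describe-stack-instance returns for each account and flags stack instances whose bucketName override is absent, empty, or different from what the Terraform for_each map intended. The responses below are constructed samples with placeholder account IDs; fetch_instances is an assumed helper that pulls live data with boto3 and is not needed for the offline run.

```python
from typing import Dict, List, Optional

# Expected overrides, mirroring the Terraform for_each map: account ID -> bucketName.
EXPECTED_OVERRIDES: Dict[str, str] = {
    "234234234234": "sandbox-fuu",
    "290823749834": "sandbox-fire",
    "23423423423": "sandbox-doo",
}

# Constructed describe-stack-instance responses (same keys as the real API's StackInstance).
SAMPLE_INSTANCES: List[dict] = [
    {"Account": "234234234234", "Region": "us-west-1",
     "ParameterOverrides": [{"ParameterKey": "bucketName", "ParameterValue": "sandbox-fuu"}]},
    {"Account": "290823749834", "Region": "us-west-1",
     "ParameterOverrides": [{"ParameterKey": "bucketName", "ParameterValue": ""}]},
    {"Account": "23423423423", "Region": "us-west-1", "ParameterOverrides": []},
]


def override_value(instance: dict, key: str) -> Optional[str]:
    """Return the override value for `key`, or None if the instance carries no such override."""
    for p in instance.get("ParameterOverrides", []):
        if p.get("ParameterKey") == key:
            return p.get("ParameterValue")
    return None


def find_bad_overrides(expected: Dict[str, str], instances: List[dict],
                       key: str = "bucketName") -> Dict[str, str]:
    """Map account ID -> problem for instances whose override is missing, empty, or wrong."""
    problems: Dict[str, str] = {}
    seen = set()
    for inst in instances:
        account = inst.get("Account", "")
        seen.add(account)
        want = expected.get(account)
        if want is None:
            continue  # an account this StackSet does not manage
        actual = override_value(inst, key)
        if actual is None:
            problems[account] = f"{key} override not set (template default will be used)"
        elif actual == "":
            problems[account] = f"{key} override is empty string"
        elif actual != want:
            problems[account] = f"{key} override is {actual!r}, expected {want!r}"
    for account in expected.keys() - seen:
        problems[account] = "no stack instance found"
    return problems


def fetch_instances(stack_set_name: str, region: str) -> List[dict]:
    """Assumed live helper: list every instance of the StackSet and describe each one."""
    import boto3  # imported lazily so the offline check above runs without it
    cf = boto3.client("cloudformation", region_name=region)
    out = []
    for page in cf.get_paginator("list_stack_instances").paginate(StackSetName=stack_set_name):
        for s in page["Summaries"]:
            out.append(cf.describe_stack_instance(StackSetName=stack_set_name,
                                                  StackInstanceAccount=s["Account"],
                                                  StackInstanceRegion=s["Region"])["StackInstance"])
    return out
```

Run `find_bad_overrides(EXPECTED_OVERRIDES, fetch_instances("fuu-fuu-sandbox", "us-west-1"))` against a real StackSet to see which accounts fell back to the template's empty default.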

Solution

  • This was resolved in a manner which dealt with my Terraform code. Thank you for the support.