
Terraform for_each key chain value


I am using the for_each meta-argument to create the IAM roles. Is there a way to set a default value for the object if it's not defined in one of the key maps?

For example, if the key map does not contain the value chain defined for create_custom_role_trust_policy, it should take the default value as false.

module "iam_assumable_roles" {
  for_each = local.iam_roles
  source   = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
  version  = "v5.41.0"

  create_role       = true
  role_requires_mfa = false

  role_name                       = each.key
  custom_role_policy_arns         = each.value.custom_role_policy_arns
  custom_role_trust_policy        = each.value.custom_role_trust_policy
  create_custom_role_trust_policy = each.value.create_custom_role_trust_policy
  trusted_role_arns               = each.value.trusted_role_arns
  trusted_role_services           = each.value.trusted_role_services
}

locals {
  iam_roles = {
    "${terraform.workspace}_arn_lookup" = {
      trusted_role_arns = formatlist(
        "arn:aws:iam::%s:root",
        local.acceptor_account_ids
      )
      trusted_role_services = []
      custom_role_policy_arns = [
        module.iam_policies["permit_role_anywhere_id_lookup_policy"].id
      ]
    },
    "ssm_hybrid_role" = {
      trusted_role_arns     = []
      trusted_role_services = ["ssm.amazonaws.com"]
      custom_role_policy_arns = [
        "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
        module.iam_policies["ssm_cwl_iam_policy"].id
      ]
    },
    "developer_test" = {
      create_custom_role_trust_policy = "true"
      custom_role_trust_policy        = data.aws_iam_policy_document.custom_trust_policy.json
      custom_role_policy_arns = [
        module.iam_policies["ssm_session_access"].arn
      ]
    }
  }
}

Solution

  • You could use the lookup function:

    lookup retrieves the value of a single element from a map, given its key. If the given key does not exist, the given default value is returned instead.

    So something like this:

    create_custom_role_trust_policy = lookup(each.value, "create_custom_role_trust_policy", false)
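The lookup call above covers one attribute, but the role map in the question omits several (developer_test has no trusted_role_arns or trusted_role_services, the other roles have no custom_role_trust_policy). The following added example, which is not part of the original question or answer, generalizes the idea by merging every role entry over one set of defaults, so a missing trust attribute resolves to an empty list rather than an error or a wider trust. The local names iam_role_defaults and iam_roles_normalized, the default values, and the account ID and policy ARN placeholders are assumptions.

```hcl
# Added example: sample role map with constructed values (the account ID and
# the customer policy ARN are placeholders, not taken from the question).
locals {
  # Assumed fail-closed defaults: no trusted principals, no custom trust
  # policy, no attached policies unless a role entry says otherwise.
  iam_role_defaults = {
    create_custom_role_trust_policy = false
    custom_role_trust_policy        = ""
    trusted_role_arns               = []
    trusted_role_services           = []
    custom_role_policy_arns         = []
  }

  iam_roles = {
    ssm_hybrid_role = {
      trusted_role_services   = ["ssm.amazonaws.com"]
      custom_role_policy_arns = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"]
    }
    developer_test = {
      create_custom_role_trust_policy = true
      # Constructed placeholder document, standing in for the data source.
      custom_role_trust_policy = jsonencode({ Version = "2012-10-17", Statement = [] })
      custom_role_policy_arns  = ["arn:aws:iam::111111111111:policy/example"]
    }
  }

  # merge() gives precedence to later arguments, so keys set on a role
  # override the defaults and omitted keys fall back to them. Every
  # each.value.<attr> reference in the module block is then defined.
  iam_roles_normalized = {
    for name, role in local.iam_roles :
    name => merge(local.iam_role_defaults, role)
  }
}

# Inspect the result with `terraform console` or `terraform plan`.
output "iam_roles_normalized" {
  value = local.iam_roles_normalized
}
```

In the module block, set for_each = local.iam_roles_normalized and keep the each.value references unchanged.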