fix: add count to kms data/resources to avoid creation errors when creation is disabled

bryantbiggs · bryantbiggs · commit ff7733ae65d7 · 2020-10-15T11:09:02.000-04:00
diff --git a/modules/rds_enhanced_monitoring_forwarder/main.tf b/modules/rds_enhanced_monitoring_forwarder/main.tf
@@ -59,7 +59,7 @@ resource "aws_iam_policy" "this" {
     "${path.module}/policy.tmpl",
     {
       vpc_check = var.subnet_ids != null
-      kms_arn   = data.aws_kms_key.this.arn
+      kms_arn   = data.aws_kms_key.this[0].arn
     }
   )
 }
@@ -127,7 +127,7 @@ resource "aws_lambda_function" "this" {
     variables = merge(
       {
         DD_SITE          = var.dd_site
-        kmsEncryptedKeys = aws_kms_ciphertext.this.ciphertext_blob
+        kmsEncryptedKeys = aws_kms_ciphertext.this[0].ciphertext_blob
       },
       var.environment_variables,
       local.version_tag
@@ -159,19 +159,25 @@ resource "aws_cloudwatch_log_group" "this" {
 }
 
 data "aws_kms_key" "this" {
+  count = var.create ? 1 : 0
+
   key_id = var.kms_alias
 }
 
 data "aws_secretsmanager_secret_version" "datadog_api_key" {
+  count = var.create ? 1 : 0
+
   secret_id = var.dd_api_key_secret_arn
 }
 
 resource "aws_kms_ciphertext" "this" {
-  key_id = data.aws_kms_key.this.id
+  count = var.create ? 1 : 0
+
+  key_id = data.aws_kms_key.this[0].id
 
   plaintext = <<EOF
 {
-  "api_key": ${data.aws_secretsmanager_secret_version.datadog_api_key.secret_string},
+  "api_key": ${data.aws_secretsmanager_secret_version.datadog_api_key[0].secret_string},
   "app_key": ${var.dd_app_key}
 }
 EOF
diff --git a/modules/vpc_flow_log_forwarder/main.tf b/modules/vpc_flow_log_forwarder/main.tf
@@ -61,7 +61,7 @@ resource "aws_iam_policy" "this" {
       vpc_check          = var.subnet_ids != null
       s3_check           = length(var.s3_log_bucket_arns) > 0
       s3_log_bucket_arns = jsonencode(var.s3_log_bucket_arns)
-      kms_arn            = data.aws_kms_key.this.arn
+      kms_arn            = data.aws_kms_key.this[0].arn
     }
   )
 }
@@ -129,7 +129,7 @@ resource "aws_lambda_function" "this" {
     variables = merge(
       {
         DD_SITE          = var.dd_site
-        kmsEncryptedKeys = aws_kms_ciphertext.this.ciphertext_blob
+        kmsEncryptedKeys = aws_kms_ciphertext.this[0].ciphertext_blob
       },
       var.environment_variables,
       local.version_tag
@@ -171,19 +171,25 @@ resource "aws_cloudwatch_log_group" "this" {
 }
 
 data "aws_kms_key" "this" {
+  count = var.create ? 1 : 0
+
   key_id = var.kms_alias
 }
 
 data "aws_secretsmanager_secret_version" "datadog_api_key" {
+  count = var.create ? 1 : 0
+
   secret_id = var.dd_api_key_secret_arn
 }
 
 resource "aws_kms_ciphertext" "this" {
-  key_id = data.aws_kms_key.this.id
+  count = var.create ? 1 : 0
+
+  key_id = data.aws_kms_key.this[0].id
 
   plaintext = <<EOF
 {
-  "api_key": ${data.aws_secretsmanager_secret_version.datadog_api_key.secret_string},
+  "api_key": ${data.aws_secretsmanager_secret_version.datadog_api_key[0].secret_string},
   "app_key": ${var.dd_app_key}
 }
 EOF

Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@ resource "aws_iam_policy" "this" {`
`59`	`59`	`"${path.module}/policy.tmpl",`
`60`	`60`	`{`
`61`	`61`	`vpc_check = var.subnet_ids != null`
`62`		`- kms_arn = data.aws_kms_key.this.arn`
	`62`	`+ kms_arn = data.aws_kms_key.this[0].arn`
`63`	`63`	`}`
`64`	`64`	`)`
`65`	`65`	`}`
`@@ -127,7 +127,7 @@ resource "aws_lambda_function" "this" {`
`127`	`127`	`variables = merge(`
`128`	`128`	`{`
`129`	`129`	`DD_SITE = var.dd_site`
`130`		`- kmsEncryptedKeys = aws_kms_ciphertext.this.ciphertext_blob`
	`130`	`+ kmsEncryptedKeys = aws_kms_ciphertext.this[0].ciphertext_blob`
`131`	`131`	`},`
`132`	`132`	`var.environment_variables,`
`133`	`133`	`local.version_tag`
`@@ -159,19 +159,25 @@ resource "aws_cloudwatch_log_group" "this" {`
`159`	`159`	`}`
`160`	`160`
`161`	`161`	`data "aws_kms_key" "this" {`
	`162`	`+ count = var.create ? 1 : 0`
	`163`	`+`
`162`	`164`	`key_id = var.kms_alias`
`163`	`165`	`}`
`164`	`166`
`165`	`167`	`data "aws_secretsmanager_secret_version" "datadog_api_key" {`
	`168`	`+ count = var.create ? 1 : 0`
	`169`	`+`
`166`	`170`	`secret_id = var.dd_api_key_secret_arn`
`167`	`171`	`}`
`168`	`172`
`169`	`173`	`resource "aws_kms_ciphertext" "this" {`
`170`		`- key_id = data.aws_kms_key.this.id`
	`174`	`+ count = var.create ? 1 : 0`
	`175`	`+`
	`176`	`+ key_id = data.aws_kms_key.this[0].id`
`171`	`177`
`172`	`178`	`plaintext = <<EOF`
`173`	`179`	`{`
`174`		`- "api_key": ${data.aws_secretsmanager_secret_version.datadog_api_key.secret_string},`
	`180`	`+ "api_key": ${data.aws_secretsmanager_secret_version.datadog_api_key[0].secret_string},`
`175`	`181`	`"app_key": ${var.dd_app_key}`
`176`	`182`	`}`
`177`	`183`	`EOF`
Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ resource "aws_iam_policy" "this" {`
`61`	`61`	`vpc_check = var.subnet_ids != null`
`62`	`62`	`s3_check = length(var.s3_log_bucket_arns) > 0`
`63`	`63`	`s3_log_bucket_arns = jsonencode(var.s3_log_bucket_arns)`
`64`		`- kms_arn = data.aws_kms_key.this.arn`
	`64`	`+ kms_arn = data.aws_kms_key.this[0].arn`
`65`	`65`	`}`
`66`	`66`	`)`
`67`	`67`	`}`
`@@ -129,7 +129,7 @@ resource "aws_lambda_function" "this" {`
`129`	`129`	`variables = merge(`
`130`	`130`	`{`
`131`	`131`	`DD_SITE = var.dd_site`
`132`		`- kmsEncryptedKeys = aws_kms_ciphertext.this.ciphertext_blob`
	`132`	`+ kmsEncryptedKeys = aws_kms_ciphertext.this[0].ciphertext_blob`
`133`	`133`	`},`
`134`	`134`	`var.environment_variables,`
`135`	`135`	`local.version_tag`
`@@ -171,19 +171,25 @@ resource "aws_cloudwatch_log_group" "this" {`
`171`	`171`	`}`
`172`	`172`
`173`	`173`	`data "aws_kms_key" "this" {`
	`174`	`+ count = var.create ? 1 : 0`
	`175`	`+`
`174`	`176`	`key_id = var.kms_alias`
`175`	`177`	`}`
`176`	`178`
`177`	`179`	`data "aws_secretsmanager_secret_version" "datadog_api_key" {`
	`180`	`+ count = var.create ? 1 : 0`
	`181`	`+`
`178`	`182`	`secret_id = var.dd_api_key_secret_arn`
`179`	`183`	`}`
`180`	`184`
`181`	`185`	`resource "aws_kms_ciphertext" "this" {`
`182`		`- key_id = data.aws_kms_key.this.id`
	`186`	`+ count = var.create ? 1 : 0`
	`187`	`+`
	`188`	`+ key_id = data.aws_kms_key.this[0].id`
`183`	`189`
`184`	`190`	`plaintext = <<EOF`
`185`	`191`	`{`
`186`		`- "api_key": ${data.aws_secretsmanager_secret_version.datadog_api_key.secret_string},`
	`192`	`+ "api_key": ${data.aws_secretsmanager_secret_version.datadog_api_key[0].secret_string},`
`187`	`193`	`"app_key": ${var.dd_app_key}`
`188`	`194`	`}`
`189`	`195`	`EOF`