Add enabled var to booloean creation of resources (#10)

This commit adds an “enabled” flag and defaults to true.
cloudposse · Dec 20, 2018 · 8a5424b · 8a5424b
1 parent ae422cd
commit 8a5424b
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 12 deletions.
diff --git a/main.tf b/main.tf
@@ -8,21 +8,28 @@ module "label" {
   tags       = "${var.tags}"
 }
 
+locals {
+  enabled     = "${var.enabled == "true" ? true : false }"
+  require_mfa = "${var.require_mfa == "true" ? true : false}"
+}
+
 # https://www.terraform.io/docs/providers/aws/r/iam_group.html
 resource "aws_iam_group" "default" {
-  name = "${module.label.id}"
+  count = "${local.enabled ? 1 : 0}"
+  name  = "${module.label.id}"
 }
 
 # https://www.terraform.io/docs/providers/aws/r/iam_group_membership.html
 resource "aws_iam_group_membership" "default" {
+  count = "${local.enabled ? 1 : 0}"
   name  = "${module.label.id}"
-  group = "${aws_iam_group.default.id}"
+  group = "${join("", aws_iam_group.default.*.id)}"
   users = ["${var.user_names}"]
 }
 
 # https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html
 data "aws_iam_policy_document" "with_mfa" {
-  count = "${var.require_mfa == "true" ? 1 : 0}"
+  count = "${local.enabled && local.require_mfa ? 1 : 0}"
 
   statement {
     actions = [
@@ -44,14 +51,14 @@ data "aws_iam_policy_document" "with_mfa" {
 }
 
 resource "aws_iam_group_policy" "with_mfa" {
-  count  = "${var.require_mfa == "true" ? 1 : 0}"
+  count  = "${local.enabled && local.require_mfa ? 1 : 0}"
   name   = "${module.label.id}"
-  group  = "${aws_iam_group.default.id}"
+  group  = "${join("", aws_iam_group.default.*.id)}"
   policy = "${data.aws_iam_policy_document.with_mfa.json}"
 }
 
 data "aws_iam_policy_document" "without_mfa" {
-  count = "${var.require_mfa == "true" ? 0 : 1}"
+  count = "${local.enabled && local.require_mfa == false ? 1 : 0}"
 
   statement {
     actions = [
@@ -67,8 +74,8 @@ data "aws_iam_policy_document" "without_mfa" {
 }
 
 resource "aws_iam_group_policy" "without_mfa" {
-  count  = "${var.require_mfa == "true" ? 0 : 1}"
+  count  = "${local.enabled && local.require_mfa == false ? 1 : 0}"
   name   = "${module.label.id}"
-  group  = "${aws_iam_group.default.id}"
+  group  = "${join("", aws_iam_group.default.*.id)}"
   policy = "${data.aws_iam_policy_document.without_mfa.json}"
 }
diff --git a/output.tf b/output.tf
@@ -1,20 +1,20 @@
 output "group_name" {
-  value       = "${aws_iam_group.default.name}"
+  value       = "${join("", aws_iam_group.default.*.name)}"
   description = "The Group's name"
 }
 
 output "group_id" {
-  value       = "${aws_iam_group.default.id}"
+  value       = "${join("", aws_iam_group.default.*.id)}"
   description = "The Group's ID"
 }
 
 output "group_unique_id" {
-  value       = "${aws_iam_group.default.unique_id}"
+  value       = "${join("", aws_iam_group.default.*.unique_id)}"
   description = "Group's unique ID assigned by AWS"
 }
 
 output "group_arn" {
-  value       = "${aws_iam_group.default.arn}"
+  value       = "${join("", aws_iam_group.default.*.arn)}"
   description = "The ARN assigned by AWS for the Group"
 }
 

diff --git a/variables.tf b/variables.tf
@@ -20,6 +20,12 @@ variable "require_mfa" {
   description = "Require the users to have MFA enabled"
 }
 
+variable "enabled" {
+  type        = "string"
+  description = "Whether to create these resources"
+  default     = "true"
+}
+
 variable "namespace" {
   type        = "string"
   description = "Namespace (e.g. `cp` or `cloudposse`)"