hack to allow multiple externalids. Only place this is neccessary is …

…for our own development of ct across multiple environments/accounts, so didn't want to make it part of the offical api for this module
cloudtruth · Nov 19, 2020 · 05f4da1 · 05f4da1
1 parent 90170dd
commit 05f4da1
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/main.tf b/main.tf
@@ -1,3 +1,7 @@
+locals {
+  external_ids = compact(split(",", var.external_id))
+}
+
 data "aws_iam_policy_document" "assume_role" {
   statement {
     sid     = "AllowCloudtruthToAssumeRole"
@@ -9,14 +13,12 @@ data "aws_iam_policy_document" "assume_role" {
     }
 
     dynamic "condition" {
-      for_each = compact([var.external_id])
+      for_each = length(local.external_ids) > 0 ? [1] : []
       content {
         test     = "StringEquals"
         variable = "sts:ExternalId"
 
-        values = [
-          condition.value
-        ]
+        values = local.external_ids
       }
     }