| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 |
- # At this time, terraform does not support DLM AMI policies, only snapshots.
- # So we do it ourselves
- #
- # NOTE: This will not update an existing policy, but will create one if it's missing.
- # Grab the current policy name. This turned out to be unnecessary for my purposes, but
- # will be useful if in the future we decide to implement a 'modify' resource.
- #
- # WARNING: External data sources are run before the apply, and even before any decision
- # is made whether or not to apply, so do not make changes in such a script.
- data "external" "get_dlm_policies" {
- program = ["bin/get_current_dlm_policies", var.aws_partition, var.aws_region, var.aws_account_id, var.account_name]
- depends_on = [null_resource.create_dlm_policy]
- }
- output "dlm_policies" {
- value = data.external.get_dlm_policies.result
- }
- locals {
- policy_id = lookup(data.external.get_dlm_policies.result, "PolicyId", "NULL")
- }
- # In rare cases, you may need/want to manually recreate this. To do so, run
- # terragrunt taint null_resource.create_dlm_policy
- resource "null_resource" "create_dlm_policy" {
- #count = data.external.get_dlm_policies.result["PolicyId"] == "null" ? 1 : 0
- #count = data.external.get_dlm_policies.result["PolicyId"] == "policy-02af49210b5b375d5" ? 1 : 0
- triggers = {
- aws_partition = var.aws_partition
- aws_region = var.aws_region
- aws_account_id = var.aws_account_id
- account_name = var.account_name
- }
- provisioner "local-exec" {
- command = "bin/create_or_update_dlm_policy ${var.aws_partition} ${var.aws_region} ${var.aws_account_id} ${var.account_name}"
- }
- #provisioner "local-exec" {
- # when = destroy
- # command = "bin/destroy_dlm_policy ${self.triggers.aws_partition} ${self.triggers.aws_region} ${self.triggers.aws_account_id} ${self.triggers.account_name}"
- #}
- }
- output "help" {
- value = "If you need to update/recreate the policy, run: terragrunt taint null_resource.create_dlm_policy"
- }
|
