Using Terraform to setup multiple Tags for AWS Config using approved-amis-by-tag

Question

I have a problem understanding how to add multiple tags into AWS Config for the config rule approved-amis-by-tag using Terraform.

This is my setup:

# AWS Config Rule that checks if the AMIs used are in the list of compliant AMIs
resource "aws_config_organization_managed_rule" "approved-amis-by-tag" {

depends_on = [
  aws_config_configuration_recorder.config_recorder
]

name            = "approved-amis-by-tag"
rule_identifier = "APPROVED_AMIS_BY_TAG"

input_parameters = <<EOF
{
  "amisByTagKeyAndValue": {
    "approvedAmiLinux": "amazonLinux",
    "approvedAmiLinux2": "amazonLinux2",
    "approvedAmiUbuntu20.04": "Ubuntu20.04",
    "approvedAmiUbuntu22.04": "Ubuntu22.04"
  }
}
EOF

timeouts {
  create = "10m"
  delete = "10m"
  update = "10m"
  }
}

When I run this using terraform -plan it works as expected. As soon as I try to deploy it to AWS using terraform apply, I get the following error message:

Error: error creating Config Organization Managed Rule (approved-amis-by-tag): InvalidParameterValueException: Blank spaces are not acceptable for input parameter: amisByTagKeyAndValue. │ │ with aws_config_organization_managed_rule.approved-amis-by-tag, │ on 07_config.tf line 102, in resource "aws_config_organization_managed_rule" "approved-amis-by-tag": │ 102: resource "aws_config_organization_managed_rule" "approved-amis-by-tag" {

How do I need to formulate "amisByTagKeyAndValue" so that this works fine?

Answer 1

This is most likely due to an issue with the JSON formatting in your string. This would be more easily and confidently accomplished with jsonencode:

input_parameters = jsonencode({
  "amisByTagKeyAndValue" = {
    "approvedAmiLinux"       = "amazonLinux",
    "approvedAmiLinux2"      = "amazonLinux2",
    "approvedAmiUbuntu20.04" = "Ubuntu20.04",
    "approvedAmiUbuntu22.04" = "Ubuntu22.04"
  }
})