Getting output from null_resource, local-exec and the AWS CLI.

[tim.bar...@gmail.com]

Hi,

I'm using Terraform to automate provision of Cognito Identity Pools in AWS. The AWS provider doesn't support Cognito yet so I've been using null_resource and local-exec to call the AWS CLI.

I have the following resource:

resource "null_resource" "create-identitypool" {
    provisioner "local-exec" {
        command = "aws cognito-identity create-identity-pool --identity-pool-name terraform_identitypool --no-allow-unauthenticated-identities --developer-provider-name login.terraform.myapp"
    }
}

which gives the following output:

null_resource.create-identitypool (local-exec): {
null_resource.create-identitypool (local-exec):     "IdentityPoolId": "eu-west-1:22549ad3-1611-......",
null_resource.create-identitypool (local-exec):     "AllowUnauthenticatedIdentities": false,
null_resource.create-identitypool (local-exec):     "DeveloperProviderName": "login.terraform.myapp",
null_resource.create-identitypool (local-exec):     "IdentityPoolName": "terraform_identitypool"
null_resource.create-identitypool (local-exec): }
null_resource.create-identitypool: Creation complete

The next step is to add some roles, which I've already created, to the identity pool:

resource "null_resource" "attach-policies-identitypool" {
    provisioner "local-exec" {
        command = "aws cognito-identity set-identity-pool-roles --identity-pool-id ${null_resource.create-identitypool.IdentityPoolId} --roles authenticated=authroleXXX,unauthenticated=unauthroleXXX"
    }
}

The issue is that I'm unable to extract the IdentityPoolId, ${null_resource.create-identitypool.IdentityPoolId}, to use in the second resource. I understand the null_resource doesn't have output attributes, so how can I get this JSON object out of the command line output. I'll also want to use tirggers and run aws cognito-identity list-identity-pools and possibly delete-identity-pool to make this all repeatable from which I'll also need the output.

Any ideas? And apologies if I've missed this information somewhere else.

Thanks,

Tim

[Kevin Lee]

I've also wanted to do something similar in the past.  The only method I've found to be able to do this is to output the data to a temp file on the local file system, then read it back in.  Might be able to use a null_resource to get the data, store into a temp file on the local file system, then read the file in as a template so that you can put the value into a variable.  A bit of a hack, but I haven't figured out another way to do it at the moment.

https://www.terraform.io/docs/providers/template/d/file.html

[Alex Raju]

I have a similar use-case and was trying your method. But, I'm not getting any output as the templates are pre-rendered and the temp files are generated at a later stage.