### Current Terraform Version

```
Terraform v0.13.2
```

### Use-cases

Hi Team,

I am using Terraform to manage WAF v2 for AWS. I am following the document https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl to create the wafv2.

I am looking to dynamically create the default_action for WebACL based on the variable value. If the variable value for `default_action` is `allow`, I need to create WebACL with default_action as `allow {}` and for the value `block` default action should be `block {}`.

I have searched the Terraform docs and couldn't see an option to have an if-else loop to achieve this. I doubt the feature is available, so it might be a feature request on how to dynamically add a block based on a variable value.

I have given sample code:

```
variable "default_action" {
  type="string"
  default="allow"
}

resource "aws_wafv2_web_acl" "web_acl_for_cloudfront" {
  name = var.waf_acl_name
  description = var.waf_acl_description
  scope = var.waf_acl_scope
  default_action {
    allow {} # this piece of code should be dynamically updated during terraform plan and apply based on default_action variable
  }
}
```

### Attempted Solutions

Tried dynamic block with two variables, one for block and another one for allow, but no luck. Got the error `Attribute supports 1 item maximum, config has 2 declared`

```
variable "default_action_allow" {
  type="list"
  default="[]"
}

variable "default_action_block" {
  type="list"
  default="[true]"
}

resource "aws_wafv2_web_acl" "web_acl_for_cloudfront" {
  name = var.waf_acl.name
  description = var.waf_acl.description
  scope = var.waf_acl.scope
  dynamic "default_action" {
    for_each = var.default_action_allow
    content {
      allow{}
    }
  }
  dynamic "default_action" {
    for_each = var.default_action_block
    content {
      block{}
    }
  }
}
```

### Proposal

This can be kept in the same way as `aws_waf_web_acl`. Reference https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/waf_web_acl.

```
default_action {
  type = "ALLOW"
}
```

### References
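
An added example, not part of the original issue or the provider's documentation: one way to select the WebACL default action from a single variable is to keep one `default_action` block and generate the nested `allow` or `block` block inside it, with a validation rule so that any other value fails at plan time. The variable declarations, the `visibility_config` values and the metric name are assumptions made so the snippet is complete.

```hcl
# Added example; variable names follow the issue's first snippet.
variable "waf_acl_name" { type = string }
variable "waf_acl_description" { type = string }
variable "waf_acl_scope" { type = string }

variable "default_action" {
  type    = string
  default = "allow"

  # Reject anything other than the two supported values at plan time.
  validation {
    condition     = contains(["allow", "block"], var.default_action)
    error_message = "The default_action value must be \"allow\" or \"block\"."
  }
}

resource "aws_wafv2_web_acl" "web_acl_for_cloudfront" {
  name        = var.waf_acl_name
  description = var.waf_acl_description
  scope       = var.waf_acl_scope

  # One default_action block; exactly one nested block is generated.
  default_action {
    dynamic "allow" {
      for_each = var.default_action == "allow" ? [1] : []
      content {}
    }
    dynamic "block" {
      for_each = var.default_action == "block" ? [1] : []
      content {}
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "example-web-acl" # constructed placeholder
    sampled_requests_enabled   = true
  }
}
```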