How can I use an existing resource OR create a new one if it doesn't exist?

Question

I need to add a security policy with an associated domain. However, the security policy may already exists with other domains and I will need to add to the domain list.

Normally, the idempotent nature of biceps will allow me to create the security policy each time and it will only apply changes. However, if I only have one domain in the creation statement it removes the existing domians.

To solve this, I get the associated domians and add a new one to this array. Then I call a module that creates the securityPolicy adding the new domian and preserving the existing domains.

resource securityPolicy 'Microsoft.Cdn/profiles/securitypolicies@2022-11-01-preview' existing = {
  parent: fdprofile
  name: securityPolicyName
}

var targetDomain = [{
  isActive:true
  id: fdEndpoint.id 
}]
var domainArray = securityPolicy.properties.parameters.associations[0].domains

var existingDomainEntry = filter(domainArray, x => x.id == fdEndpoint.id)

//if there is no existingDomainEntry entrty add it, if there is then copy the domainArray to the newDomainArray 
var newDomainArray = length(existingDomainEntry) == 0 ? concat(domainArray, targetDomain) : domainArray

module server './frontdoor_integration_securitypolicy.bicep' = {
  name: '${deployment().name}-fd-securitypolicy'
  params: {
    frontDoorName: name
    wafName: wafName
    securityPolicyName: securityPolicyName
    domains: newDomainArray
  }
}

My module that adds the securityPoloicy with the domains does this:

param frontDoorName string
param wafName string
param securityPolicyName string
param domains array

resource fdprofile 'Microsoft.Cdn/profiles@2023-07-01-preview' existing = {
  name: frontDoorName
}

resource waf 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies@2022-05-01' existing = {
  name: wafName
}


resource secutiy_policies 'Microsoft.Cdn/profiles/securitypolicies@2022-11-01-preview' = {
  parent: fdprofile
  name: securityPolicyName
  properties: {
    parameters: {
      wafPolicy: {
        id: waf.id
      }
      associations: [
        {
          domains: domains
          patternsToMatch: [
            '/*'
          ]
        }
      ]
      type: 'WebApplicationFirewall'
    }
  }
}

This works when the security policy already exists. However, if the security policy does not exist it thows an error when getting a reference to the existing securityPolicy.

In some cases, there will be no security policy so I need to create it with a single domain. In other cases, the security poloicy will exists and I need to create it with the existing domains plus the new domain.

Am I making this too complicated? Does anyone know a better way to do this?

How can I get an existing reource, but add the resource if it doesn't exist?