Initial terraform apply fails with `create_ingress_security_group = true`

[moritzzimmer]

An initial terraform apply using create_ingress_security_group = true fails with

╷
│ Error: Invalid for_each argument
│ 
│   on ../../main.tf line 2, in data "aws_lb" "public":
│    2:   for_each = var.create_ingress_security_group ? toset([for target in var.target_groups : lookup(target, "load_balancer_arn", "")]) : []
│     ├────────────────
│     │ var.create_ingress_security_group is true
│     │ var.target_groups is tuple with 1 element
│ 
│ The "for_each" set includes values derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource.
│ 
│ When working with unknown values in for_each, it's better to use a map value where the keys are defined statically in your configuration and where only the values contain apply-time results.
│ 
│ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a second time to fully converge.

As a workaround it's possible to apply with create_ingress_security_group = false and then afterwards setting the variable to true.

Versions:

Terraform v1.9.0
on darwin_arm64
+ provider registry.terraform.io/cloudposse/template v2.2.0
+ provider registry.terraform.io/cloudposse/utils v1.24.0
+ provider registry.terraform.io/hashicorp/aws v5.58.0
+ provider registry.terraform.io/hashicorp/http v3.4.3
+ provider registry.terraform.io/hashicorp/null v3.2.2
+ provider registry.terraform.io/hashicorp/random v3.6.2

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

[moritzzimmer]

Not stale