terraform-aws-modules / terraform-aws-iam

Terraform module to create AWS IAM resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/iam/aws
Apache License 2.0
787 stars 1k forks

var.role_policy_arns #232

Closed yevgenypats closed 2 years ago

yevgenypats commented 2 years ago

Description

Please provide a clear and concise description of the issue you are encountering, and a reproduction of your configuration (see the examples/* directory for references that you can copy+paste and tailor to match your configs if you are unable to copy your exact configuration). The reproduction MUST be executable by running terraform init && terraform apply without any further changes.

If your request is for a new feature, please use the Feature request template.

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

Reproduction Code [Required]

Steps to reproduce the behavior:

https://github.com/cloudquery/terraform-aws-cloudquery/tree/acd82e3429544b94960e2a34414b1d405d6b874e/examples/complete

Running terraform apply will produce the following error:

│ Error: Invalid for_each argument
│
│   on .terraform/modules/cloudquery.cluster_irsa/modules/iam-role-for-service-accounts-eks/main.tf line 42, in resource "aws_iam_role_policy_attachment" "this":
│   42:   for_each = toset([for arn in var.role_policy_arns : arn if var.create_role])
│     ├────────────────
│     │ var.create_role is true
│     │ var.role_policy_arns is a list of string, known only after apply
│
│ The "for_each" value depends on resource
│ attributes that cannot be determined until
│ apply, so Terraform cannot predict how many
│ instances will be created. To work around
│ this, use the -target argument to first
│ apply only the resources that the for_each
│ depends on.

Expected behavior

Actual behavior

Terminal Output Screenshot(s)

Additional context

bryantbiggs commented 2 years ago

Duplicate of #193

antonbabenko commented 2 years ago

@yevgenypats I have been looking into this right now, and it seemed to me that this issue was not very consistent.

The linked example in the cloudquery repository creates 55+ resources, and sometimes it produces this error, but in most cases, it doesn't. When I reduced the scope of that example (by disabling the creation of the VPC resources, for example), it worked without a problem.

For the time being, using terraform apply -target=... prior to the main terraform apply should be a solution for cases like this (not necessarily limited to this module).

github-actions[bot] commented 2 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
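
The failure mode reported in this issue, as an added example that is not part of the original thread or the module's own code: a `for_each` set built from the ARNs of policies created in the same apply has unknown elements at plan time, while a map with literal keys keeps the instance keys known even though the ARN values are not. All resource, local and variable names below are hypothetical.

```hcl
# Constructed example: all names here are hypothetical, not taken from the module.
variable "create_role" {
  type    = bool
  default = true
}

variable "role_name" {
  type        = string
  description = "Name of an existing IAM role to attach policies to"
}

# Created in the same apply, so its ARN is unknown at plan time.
resource "aws_iam_policy" "reader" {
  name = "example-reader"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject"]
      Resource = "arn:aws:s3:::example-bucket/*"
    }]
  })
}

# Pattern from the error above: the set elements are the ARNs themselves, so
# on a first apply Terraform cannot determine the instance keys.
# resource "aws_iam_role_policy_attachment" "by_arn" {
#   for_each   = toset([for arn in [aws_iam_policy.reader.arn] : arn if var.create_role])
#   role       = var.role_name
#   policy_arn = each.value
# }

locals {
  # Literal keys are known at plan time; only the values wait for apply.
  role_policy_arns = {
    reader = aws_iam_policy.reader.arn
  }
}

resource "aws_iam_role_policy_attachment" "by_key" {
  for_each   = { for k, arn in local.role_policy_arns : k => arn if var.create_role }
  role       = var.role_name
  policy_arn = each.value
}
```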