Accessing a value (group_id) from a list of objects from a data call to aws_identitystore_groups

catpele · August 27, 2024, 12:16pm

Hi,

I’m trying to create a number of aws_ssoadmin_account_assignments using a for_each loop and I’d like to use a data call to aws_identitystore_groups and then retrieve the required group_id based on another value display_name.

I’ve tried a few variations on the below, using index, but can’t seem to access the value. Is there a way to do this in Terraform?

resource "aws_ssoadmin_account_assignment" "assignment_stg_engineer" {
  for_each = var.domains

  instance_arn = tolist(data.aws_ssoadmin_instances.current.arns)[0]
  permission_set_arn = aws_ssoadmin_permission_set.set_gen_engineer[each.key].arn

  principal_id = data.aws_identitystore_groups.all.groups[index(data.aws_identitystore_groups.groups.*.display_name, each.key)].group_id
  principal_type = "GROUP"

  target_id = var.accounts["stg"]
  target_type = "AWS_ACCOUNT"
}

claytonsilva · August 28, 2024, 3:51am

Do you can share with us the error on process this code?

catpele · August 29, 2024, 9:28am

This object does not have an attribute named "display_name".

If I check the object returned using an output, I can see that it does exist, so I’m assuming I’m either trying to access it incorrectly or it just can’t be accessed in this way.

Changes to Outputs:
  + groups = [
      + {
          + description       = null
          + display_name      = "test"
          + external_ids      = null
          + group_id          = "xxx"
          + identity_store_id = "xxx"
        },
      + {
          + description       = null
          + display_name      = "test2"
          + external_ids      = null
          + group_id          = "xxx"
          + identity_store_id = "xxx"
        },
    ]

catpele · August 29, 2024, 11:39am

So what can I say, ChatGPT to the rescue. The final code required for the principal_id lookup was:

principal_id = lookup(
    {for g in data.aws_identitystore_groups.groups.groups : g.display_name => g.group_id},
    each.key, null # Replace with a fallback or handle the case where the group is not found
  )

claytonsilva · August 29, 2024, 3:37pm

Yeah, it’s because you don’t have object to access the property, you have a array of objects.

you can use for expressions to solve.

This litte change in your expression.

{for g in data.aws_identitystore_groups.groups.groups: g.display_name => g.group_id if g.group_id  != null }

you can attribute this expression a local element and use this output in for_each meta

catpele · August 30, 2024, 11:40am

Beautiful, thanks for that it makes sense that I’d need to loop through the array.

Topic		Replies	Views
Trouble accessing elements of a list Terraform	2	489	February 25, 2023
Accessing resources indirectly Terraform	2	872	June 12, 2020
Problem using for_each and indexing Terraform	6	3729	November 6, 2019
Extract objects without for_each Terraform	1	309	November 17, 2022
Unable to call/pass the value from list(objects) in the resource block Terraform	0	146	December 23, 2023

Accessing a value (group_id) from a list of objects from a data call to aws_identitystore_groups

Related topics