I have these locals in my main.tf:
    locals {
      inbound_interfaces = [
        {
          content_source_name     = "name1"
          content_source_role_arn = {}
          environment             = var.env_name == "qa" ? "stg" : var.env_name
          brand_portfolio         = "brand1"
        },
        {
          content_source_name     = "name2"
          content_source_role_arn = {
            sandbox = [
              "arn:aws:iam::account1:role",
              "arn:aws:iam::account2:role"
            ]
          }
          environment             = var.env_name == "qa" ? "stg" : var.env_name
          brand_portfolio         = "brand2"
        }
      ]
    }
And in my permissions.tf, I’m setting up the role this way:
    resource "aws_iam_role" "content_source_role" {
      count = length(local.inbound_interfaces)
      name  = "CSRole_${local.inbound_interfaces[count.index].content_source_name}"

      assume_role_policy = <<EOF
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "${lookup(local.inbound_interfaces[count.index].content_source_role_arn, var.env_name, "arn:aws:iam::account:role/temp_role")}"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
    EOF
    }
But the lookup that “brings” the ARN fails, because I guess it doesn’t expect a list but expects a string in var.env_name.

How can I call that list inside inbound_interfaces -> content_source_role_arn, in the lookup, to take both roles and associate them with each role of each content_source?
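One way to get both ARNs into the trust policy, written as an added example rather than code from the question: the heredoc fails because string interpolation inside `<<EOF` can only splice in a string, and the `lookup` returns a list for `name2`. Building the policy with `jsonencode()` instead lets `Principal.AWS` be a list, which IAM accepts as a set of trusted principals. The block assumes the `locals` block and `var.env_name` from the question are in the same module; the `local.fallback_principal` name is introduced here and is not from the original.

```hcl
locals {
  # Fallback principal, wrapped in a list so the default has the same shape
  # as the per-environment values. Placeholder ARN taken from the question;
  # a real role ARN has the form arn:aws:iam::<account-id>:role/<name>.
  fallback_principal = ["arn:aws:iam::account:role/temp_role"]
}

resource "aws_iam_role" "content_source_role" {
  count = length(local.inbound_interfaces)
  name  = "CSRole_${local.inbound_interfaces[count.index].content_source_name}"

  # jsonencode() serialises the whole document, so Principal.AWS can be a
  # list of ARNs. A heredoc template only accepts strings in ${...}.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          # lookup() returns the list for this environment, or the fallback
          # list when the interface has no entry for it (e.g. name1's {}).
          AWS = lookup(
            local.inbound_interfaces[count.index].content_source_role_arn,
            var.env_name,
            local.fallback_principal
          )
        }
        Action = "sts:AssumeRole"
      }
    ]
  })
}
```

For `name2` in the `sandbox` environment this renders `"AWS": ["arn:aws:iam::account1:role", "arn:aws:iam::account2:role"]`, so both roles can assume `CSRole_name2`; `name1` gets the fallback principal. Two things to check before relying on this: the lookup key is `var.env_name`, while the `environment` attribute in the locals maps `qa` to `stg`, so if the map keys are meant to follow that mapping the lookup should use `local.inbound_interfaces[count.index].environment` instead. And a default principal means a missing environment key silently produces a role that trusts the placeholder; dropping the third argument to `lookup` makes `terraform plan` fail on a missing key instead, which is usually the safer behaviour for a trust policy.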