Attach multiple policies to a single SSO permission set

Avoid any unless supporting multiple types is genuinely required. Here, it’s clear that the values inside the lists will always be of type string.

There are a couple of problems here: managed_policy_arn is not a block, and dynamic is only for creating blocks. managed_policy_arn also only accepts a single value.

You need a separate instance of aws_ssoadmin_managed_policy_attachment for every combination of ARNs.

That means your top level for_each within the resource block needs to iterate over both permission sets and policies.

This is possible; it just gets a bit messy:

resource "aws_ssoadmin_managed_policy_attachment" "policy_attachment" {
  for_each = {
    for combination in flatten([
      for permission_set, policy_arns in var.policy_attachments : [
        for policy_arn in policy_arns : {
          key            = "${permission_set} ${policy_arn}"
          permission_set = permission_set
          policy_arn     = policy_arn
        }
      ]
    ]) :
    combination.key => combination
  }

  permission_set_arn = aws_ssoadmin_permission_set.ssoadmin_permission_set[each.value.permission_set].arn
  managed_policy_arn = each.value.policy_arn
  instance_arn       = ...
}
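The cross-product pattern from the reply above, carried through to a complete, applyable configuration. This is an added example, not code from the original post: the variable names (permission_sets, policy_attachments), the resource labels (this), the data source used to obtain the Identity Center instance ARN, and the sample permission set names and policy ARNs in the defaults are all assumptions made for the example. It also adds two things a practitioner would want that the post does not show: a map(list(string)) type instead of any, and a validation that rejects ARNs which are not AWS managed policies, since aws_ssoadmin_managed_policy_attachment only accepts those (customer managed policies use a different resource).

```hcl
# Added example, not from the original post. Attaches a list of AWS managed
# policies to each SSO permission set using for_each over the flattened
# (permission set, policy ARN) cross-product.

variable "permission_sets" {
  description = "Permission set name => description. Defaults are constructed sample data."
  type        = map(string)
  default = {
    ReadOnly = "Read-only access"
    Billing  = "Billing viewer"
  }
}

variable "policy_attachments" {
  description = "Permission set name => AWS managed policy ARNs to attach. Defaults are constructed sample data."
  type        = map(list(string)) # not `any`: the inner values are always strings
  default = {
    ReadOnly = [
      "arn:aws:iam::aws:policy/ReadOnlyAccess",
      "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess",
    ]
    Billing = [
      "arn:aws:iam::aws:policy/job-function/Billing",
    ]
  }

  # This resource attaches AWS managed policies only; fail at plan time on anything else.
  validation {
    condition = alltrue([
      for arns in values(var.policy_attachments) : alltrue([
        for arn in arns : can(regex("^arn:aws[a-z-]*:iam::aws:policy/", arn))
      ])
    ])
    error_message = "Every entry in policy_attachments must be an AWS managed policy ARN (arn:aws:iam::aws:policy/...)."
  }
}

# Assumption for this example: the Identity Center instance ARN is looked up rather
# than passed in. There is one instance per organization; `arns` is a set, so convert it.
data "aws_ssoadmin_instances" "this" {}

locals {
  sso_instance_arn = tolist(data.aws_ssoadmin_instances.this.arns)[0]

  # One object per (permission set, policy ARN) pair, keyed so each attachment is
  # tracked independently: adding or removing one ARN touches only that attachment.
  policy_pairs = {
    for pair in flatten([
      for ps_name, arns in var.policy_attachments : [
        for arn in arns : {
          permission_set = ps_name
          policy_arn     = arn
        }
      ]
    ]) : "${pair.permission_set}:${pair.policy_arn}" => pair
  }
}

resource "aws_ssoadmin_permission_set" "this" {
  for_each = var.permission_sets

  name             = each.key
  description      = each.value
  instance_arn     = local.sso_instance_arn
  session_duration = "PT1H"
}

resource "aws_ssoadmin_managed_policy_attachment" "this" {
  for_each = local.policy_pairs

  instance_arn       = local.sso_instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.this[each.value.permission_set].arn
  managed_policy_arn = each.value.policy_arn
}
```

With the sample defaults, terraform plan produces two permission sets and three attachment resources, addressed as aws_ssoadmin_managed_policy_attachment.this["ReadOnly:arn:aws:iam::aws:policy/ReadOnlyAccess"] and so on. Because the key is derived from the pair itself rather than a list index, reordering or appending to a list never forces unrelated attachments to be destroyed and recreated. A permission set named in policy_attachments but absent from permission_sets fails the plan at the map index lookup, which is the behaviour you want: an attachment silently skipped would leave a permission set with fewer rights than intended, and one attached to the wrong set would grant more.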