Aws maintenance windows - dynamic targets

Terraform
1

Hi all.

I am trying to build some AWS maintenance windows and in each of them i need to put individual tasks for a list of servers. I have used “chunklist” to split the initial list into multiple pieces but now i am stuck at adding the targets for the tasks. As each list contains 20 instance ids i would like to add each one as a target in a specific task.

The instances are not AWS EC2 but Hybrid activations that i get from a local file. my code is below:

 resource "aws_ssm_maintenance_window" "available-patches-scan-***********" {
  count                      = length(local.chunk)
  name                       = "available_patches_***********-scan-${count.index}"
  allow_unassociated_targets = "true"
  cutoff                     = "1"
  duration                   = "2"
  enabled                    = "true"
  schedule                   = "rate(30 days)"
  start_date                 = local.date_available_patches
}

resource "aws_ssm_maintenance_window_task" "available-patches-scan-***********-task" {
  count            = length(local.chunk)
  //for_each         = local.expanded_names[count.index]
  window_id        = aws_ssm_maintenance_window.available-patches-scan-***********[count.index].id
  name             = "available-patches-scan-***********-task-${count.index}"
  description      = "This is a maintenance window task"
  task_type        = "RUN_COMMAND"
  task_arn         = "AWS-RunPatchBaseline"
  priority         = 1
  service_role_arn = "arn:aws:iam::***********:role/***********"
  max_concurrency  = "7"
  max_errors       = "10"

  dynamic "targets" {
    for_each = flatten(local.chunk[count.index])
    content {
      key    = "InstanceIds"
      values = targets.value
    }
  }

  task_invocation_parameters {
    run_command_parameters {
      service_role_arn = "arn:aws:iam::***********:role/***********"

      notification_config {
        notification_arn    = "arn:aws:sns:eu-west-1:***********:patching-scan"
        notification_events = ["All"]
        notification_type   = "Invocation"
      }

      parameter {
        name   = "Operation"
        values = ["Scan"]
      }
    }
  }
}

and the error is:

Error: Incorrect attribute value type

on available-patches-scan.tf line 29, in resource “aws_ssm_maintenance_window_task” “available-patches-scan-*********-task”:
29: values = targets.value

Inappropriate value for attribute “values”: list of string required.

How can i fix this?

2

just an update on this topic
i have changed the code to the below

dynamic "targets" {
  for_each = [for t in local.chunk[count.index] : format("%s", t)]
  content  {
    key    = "InstanceIds"
    values = [targets.value]
  }
}

and now the error is

Error: List longer than MaxItems

  on available-patches-scan.tf line 12, in resource "aws_ssm_maintenance_window_task" "available-patches-scan-itops-task":
  12: resource "aws_ssm_maintenance_window_task" "available-patches-scan-itops-task" {

Attribute supports 5 item maximum, config has 13 declared

but for testing purposes i also tried with targets.value.value which gave me the below.
Of course targets.value does not have a .value attribute but the string coming from local.chunk[count.index] is ok and that is what is puzzling me

Error: Unsupported attribute

  on available-patches-scan.tf line 32, in resource "aws_ssm_maintenance_window_task" "available-patches-scan-itops-task":
  32:     values = [targets.value.value]
    |----------------
    | targets.value is "mi-087101f33a321002f"

This value does not have any attributes.