Are you able to add aws_iam_policy.PolicyIAMManageOwnMFA.id to my variable stated below? I’m having issues when passing it as a string via “for_each toset()” in aws_iam_group_policy_attachment. I plan to add an AWS off-the-shelf policy & a custom-created one and attach them both to my “Administrator” IAM group.
Input variables are for values provided by the calling module (or the -var and -var-file command line options, if this is a root module). For values you want to compute inside your module you can use Local Values, like this:
on main.tf line 21, in resource "aws_iam_group_policy_attachment" "adminstrator_attach":
21: for_each = toset(local.admin_policies)
The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.
Using count here is okay but has an important consequence: if you ever add new elements to local.admin-custom-p then you must always add them to the end of the list, because the aws_iam_group_policy_attachment.administrator_own_mfa instances will be identified by the numeric positions of the elements in the list.
Similarly, you won’t be able to remove any elements from the list unless they are at the end of the list, because that would renumber all of the elements after it.
The typical advantage of using for_each is that you get to define which tracking key Terraform should use for each of the instances, and so you can freely add and remove instances as long as they all have unique keys.
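An added example, not code from any post in this thread: a `for_each` over a map whose keys are literal strings, so the instance keys are known at plan time even though the custom policy's ARN is only known after apply. Assumptions: the resource labels `administrator`, the map keys, the choice of `AdministratorAccess` as the AWS managed policy, and the policy document itself are constructed for illustration.

```hcl
# Added example: names other than PolicyIAMManageOwnMFA and "Administrator" are hypothetical.
resource "aws_iam_group" "administrator" {
  name = "Administrator"
}

# Constructed stand-in for the custom policy; the thread does not show its document.
resource "aws_iam_policy" "PolicyIAMManageOwnMFA" {
  name = "PolicyIAMManageOwnMFA"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid    = "ManageOwnMFA"
      Effect = "Allow"
      Action = [
        "iam:CreateVirtualMFADevice",
        "iam:EnableMFADevice",
        "iam:ListMFADevices",
        "iam:ResyncMFADevice",
      ]
      # "$$" escapes Terraform interpolation so IAM receives the literal ${aws:username}.
      Resource = [
        "arn:aws:iam::*:mfa/$${aws:username}",
        "arn:aws:iam::*:user/$${aws:username}",
      ]
    }]
  })
}

locals {
  # Keys are literal strings, known at plan time; only the values may be unknown until apply.
  admin_policies = {
    aws_administrator = "arn:aws:iam::aws:policy/AdministratorAccess" # assumed managed policy
    manage_own_mfa    = aws_iam_policy.PolicyIAMManageOwnMFA.arn
  }
}

resource "aws_iam_group_policy_attachment" "administrator" {
  for_each   = local.admin_policies
  group      = aws_iam_group.administrator.name
  policy_arn = each.value
}
```

Each attachment is tracked by its map key, for example `aws_iam_group_policy_attachment.administrator["manage_own_mfa"]`, so entries can be added or removed in any order without renumbering the others.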