To troubleshoot, I have put it into an output and I get the following:
output "endpoint_id" {
  value = aws_networkfirewall_firewall.inspection_networkfirewall["us-west-2a"].firewall_status[0].sync_status.attachment[0].endpoint_id
}
I get the following error:
│ Error: Unsupported attribute
│
│ on ../../modules/new-tgw/inspection-vpc/inspection-vpc.tf line 164, in output "endpoint_id":
│ 164: value = aws_networkfirewall_firewall.inspection_networkfirewall["us-west-2a"].firewall_status[0].sync_states.attachment[0].endpoint_id
│
│ Can't access attributes on a set of objects. Did you mean to access an
│ attribute across all elements of the set?
I have been trying to understand the splat method and have tried a number of iterations with the *, but I am not sure I understand it enough to know if I am putting it in the right location.
Any help and direction as to how to properly access these nested attributes would be really helpful. Thanks.
I have absolutely no knowledge of this part of AWS, but in the documentation you linked to, sync_states is described as a set - that would mean sync_states.attachment can’t possibly work, since what would accessing .attachment on a set mean?
If you’re adequately convinced that sync_states only ever contains one item, you might write sync_states[*].attachment, which means "explore every item in sync_states and get the .attachment of each".
You might also consider changing some of your existing [0] parts to [*] to ensure you don’t accidentally throw away information if some of the other data structures that are lists happen to contain multiple items.
If you get all this working, and there is just one value, wrapped in a list, you might be interested in the Terraform one() function, which exists to make it easy to get the single item from a list which should always have one item, and error if it ever has more.
Thanks maxb. I have tried using [*] to replace [0] but I get exactly the same message.
However, if I try what you mentioned, sync_states[*], I am able to get a little further.
If I set my output to the following:
output "endpoint_id" {
  value = aws_networkfirewall_firewall.inspection_networkfirewall["us-west-2a"].firewall_status[0].sync_states[*].attachment[0].endpoint_id
}
I get the following output:
+ endpoint_id = [
+ "vpce-<obfuscated>",
]
This is definitely closer to what I am looking for, but when I use it in the resource it tells me that I have a type mismatch:
Error: Incorrect attribute value type
│
│ on ../../modules/new-tgw/inspection-vpc/inspection-vpc.tf line 161, in resource "aws_route" "tgw_to_firewall_endpoint_route":
│ 161: vpc_endpoint_id = aws_networkfirewall_firewall.inspection_networkfirewall[each.key].firewall_status[0].sync_states[*].attachment[0].endpoint_id
│ ├────────────────
│ │ aws_networkfirewall_firewall.inspection_networkfirewall is object with 3 attributes
│ │ each.key is "us-west-2b"
│
│ Inappropriate value for attribute "vpc_endpoint_id": string required.
Not sure why it doesn’t like the string. Maybe because it thinks there is a possible other endpoint_id? There should only be one.
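
The type mismatch above comes from the splat: sync_states[*] always yields a list, even when it holds a single endpoint ID, while vpc_endpoint_id needs a string. The following is an added example, not part of the original thread, that combines the splat idea with the one() function suggested earlier; var.tgw_route_table_ids and the destination CIDR are hypothetical placeholders, and it assumes each firewall is attached to exactly one subnet.

```hcl
# Hypothetical input: route table to update for each AZ key used by the
# firewall resource's for_each (e.g. "us-west-2a", "us-west-2b").
variable "tgw_route_table_ids" {
  type = map(string)
}

locals {
  # AZ key => single firewall endpoint ID (a string, not a list).
  # The for expression walks the sync_states set; one() unwraps the
  # one-element result and fails the plan if the firewall ever reports
  # more than one endpoint, instead of silently picking one.
  firewall_endpoint_ids = {
    for az, fw in aws_networkfirewall_firewall.inspection_networkfirewall :
    az => one([
      for state in fw.firewall_status[0].sync_states :
      state.attachment[0].endpoint_id
    ])
  }
}

resource "aws_route" "tgw_to_firewall_endpoint_route" {
  # Keys come from the firewall resource's own for_each, so they are
  # known at plan time even though the endpoint IDs are not.
  for_each = local.firewall_endpoint_ids

  route_table_id         = var.tgw_route_table_ids[each.key]
  destination_cidr_block = "0.0.0.0/0" # constructed sample value
  vpc_endpoint_id        = each.value
}

output "endpoint_ids" {
  value = local.firewall_endpoint_ids
}
```

Failing on an unexpected second endpoint matters for an inspection VPC: a route that quietly points at the wrong firewall endpoint can send traffic across AZs or past the intended inspection path.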