Create a list of arn from data source "aws_iam_arn" output result

Terraform
1

I am trying to use data source "aws_iam_arn" to retrieve user arns and assemble them to a local variables (a list) so it can be used to provision other aws resources. However I am stuck at pick the arn in the returned result
Here is my code

data "aws_iam_user" "this" {
  for_each  = { for user in local.users : user => user }
  user_name = each.value
}

locals {
  arn_list = [for user in data.aws_iam_user.this[*].arn : user]
  users = ["user1", "user2"]
}

output "data_result" {
  value = data.aws_iam_user.this[*]
}

output "user_arn" {
  value = local.arn_list
}

the output data_result showing something as below

+ data_result = [
      + {
          + user1   = {
              + arn                  = "arn:aws:iam::zzzzzzzzzz:user/user1"
              + id                   = "AAAAAAAAAAAAAAAAAAA"
              + path                 = "/"
              + permissions_boundary = ""
              + tags                 = {
                  + AAAAAAAAAAAAAAAAAAA = "user1"
                }
              + user_id              = "AAAAAAAAAAAAAAAAAAA"
              + user_name            = "user1"
            }
          + user2 = {
              + arn                  = "arn:aws:iam::zzzzzzzzzz:user/user2"
              + id                   = "BBBBBBBBBBBBBBBBBB"
              + path                 = "/"
              + permissions_boundary = ""
              + tags                 = {}
              + user_id              = "BBBBBBBBBBBBBBBBBB"
              + user_name            = "user2"
            }
        },
    ]

but getting below error
Error: Invalid index

│ on main.tf line 11, in locals:
│ 11: arn_list = [for user in data.aws_iam_user.this[0].arn : user]
│ ├────────────────
│ │ data.aws_iam_user.this is object with 2 attributes

│ The given key does not identify an element in this collection value. An
│ object only supports looking up attributes by name, not by numeric
│ index.

2

Hi @cici,

A resource or data block with for_each set will always materialize as a map or object value where the keys/attributes match the keys of your for_each expression.

If you want to project that to just be a set of ARNs then you can use a for expression as you tried but with some different details:

locals {
  arns = toset([
    for user in data.aws_iam_user.this : user.arn
  ])
}

I used a set here because these ARNs don’t seem to be in any specific meaningful order and so using a list – an ordered sequence of values – would potentially mislead a future maintainer into thinking they can rely on the order being stable and/or meaningful. However, if you do intend to promise an ordered list then you can use tolist instead of toset, in which case for the current definitely they will be ordered by the lexical order of your local.users entries.

The [*] didn’t work here because that operator is designed for lists and sets, rather than for maps and objects. You inadvertently activated the “Single Values as Lists” interpretation by applying it to an object value, and so that constructed a single-element list containing the original object, which then failed when you tried to access element zero of that object (because objects don’t have numeric indices).