I am getting this error in TF plan:
```
Error: Invalid for_each argument
18:52:19 on antivirus.tf line 50, in module "antivirus_incremental_scan":
18:52:19 50: for_each = { for idx, instance in local.ec2_instances : instance.name => instance }
18:52:19
18:52:19 The "for_each" value depends on resource attributes that cannot be determined
18:52:19 until apply, so Terraform cannot predict how many instances will be created.
18:52:19 To work around this, use the -target argument to first apply only the
18:52:19 resources that the for_each depends on.
18:52:19
18:52:19
18:52:19 Error: Invalid for_each argument
18:52:19 on antivirus.tf line 68, in module "antivirus_weekly_scan":
18:52:19 68: for_each = { for idx, instance in local.ec2_instances : instance.name => instance }
18:52:19
18:52:19 The "for_each" value depends on resource attributes that cannot be determined
18:52:19 until apply, so Terraform cannot predict how many instances will be created.
18:52:19 To work around this, use the -target argument to first apply only the
18:52:19 resources that the for_each depends on.
```
The TF script I am using is this one:
```
data "aws_instances" "virus_scan_instances" {
  instance_tags = {
    Client_Prefix = var.client_prefix
    Capability    = var.capability
    Environment   = var.environment
  }
}

data "aws_instance" "all" {
  count       = length(data.aws_instances.virus_scan_instances.ids)
  instance_id = data.aws_instances.virus_scan_instances.ids[count.index]
}

locals {
  ec2_instances = [
    for instance in data.aws_instance.all : {
      id   = instance.id
      name = lookup(instance.tags, "Name", "No Name")
    }
  ]
}

# Use a conditional to create maintenance windows only if instances exist
resource "aws_ssm_maintenance_window" "daily_virus_scan" {
  for_each    = length(local.ec2_instances) > 0 ? { for idx, instance in local.ec2_instances : instance.id => instance } : {}
  name        = "${var.client_prefix}-${var.environment}-${var.capability}-maintenance-window-antivirus-daily"
  schedule    = "cron(0 3 ? * MON-SAT)"
  duration    = 1
  cutoff      = 0
  description = "A window for virus scans to run once per day"
  tags        = local.common_tags
}

resource "aws_ssm_maintenance_window" "weekly_virus_scan" {
  for_each    = length(local.ec2_instances) > 0 ? { for idx, instance in local.ec2_instances : instance.id => instance } : {}
  name        = "${var.client_prefix}-${var.environment}-${var.capability}-maintenance-window-antivirus-weekly"
  schedule    = "cron(0 3 ? * SUN *)"
  duration    = 1
  cutoff      = 0
  description = "A window for virus scans to run once per week"
  tags        = local.common_tags
}

module "antivirus_incremental_scan" {
  for_each              = { for idx, instance in local.ec2_instances : instance.name => instance }
  source                = "../../../modules/aws_services/systems_manager/maintenance_task_shell_script"
  enabled               = true
  node_name             = "${each.value.name}_incremental_antivirus_task"
  maintenance_window_id = aws_ssm_maintenance_window.daily_virus_scan[each.key].id
  node_instance_id      = each.value.id
  log_output_bucket     = "${var.bucket_prefix}-antivirus-${var.region}"
  log_output_bucket_key = "${var.client_prefix}/ec2-antivirus-logs/${var.environment}/weekly_scan/${each.value.name}"
  description           = "A job to run an incremental antivirus scan on target instance on files that are under 24 hours old"
  commands_to_run = [
    "sudo /usr/local/bin/virusscan --environment ${var.environment} -i 1440 -a quarantine-move -e /opt/eipaas/quarantine,/sys,/proc,/dev,/var/run/docker,/var/lib/docker,/etc/puppetlabs,/var/lib/clamav,/opt/nomad,/var/log,/opt/graphite/storage/whisper"
  ]
}

module "antivirus_weekly_scan" {
  for_each              = { for idx, instance in local.ec2_instances : instance.name => instance }
  source                = "../../../modules/aws_services/systems_manager/maintenance_task_shell_script"
  enabled               = true
  node_name             = "${each.value.name}_weekly_antivirus_task"
  maintenance_window_id = aws_ssm_maintenance_window.weekly_virus_scan[each.key].id
  node_instance_id      = each.value.id
  log_output_bucket     = "${var.bucket_prefix}-antivirus-${var.region}"
  log_output_bucket_key = "${var.client_prefix}/ec2-antivirus-logs/${var.environment}/full_scan/${each.value.name}"
  description           = "A job to run a full antivirus scan on target instance"
  commands_to_run = [
    "sudo /usr/local/bin/virusscan --environment ${var.environment} -a quarantine-move -e /opt/eipaas/quarantine,/sys,/proc,/dev,/var/run/docker,/var/lib/docker,/etc/puppetlabs,/var/lib/clamav,/opt/nomad,/var/log,/opt/graphite/storage/whisper"
  ]
}
```
Can anybody help with what I am doing wrong in the code?
FYR: I am using Terraform version 0.13.5
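
The error text above requires the `for_each` keys to be known at plan time. One arrangement that meets that requirement, as an added example rather than code from the original post: key every `for_each` on a set of instance names passed in as a variable and look up each instance ID as a value. `scan_instance_names`, `scan_target` and the sample names are assumptions; the other variables, the module and its inputs are the ones shown in the post.

```hcl
# Added example, not the poster's code.
# Assumption: instance Name tags are supplied as input, so every for_each key is a literal at plan time.
variable "scan_instance_names" { # hypothetical variable
  type    = set(string)
  default = ["app-01", "app-02"] # constructed sample Name tags
}

# One lookup per name. The plan fails if a name matches zero or several instances.
data "aws_instance" "scan_target" { # hypothetical data source name
  for_each = var.scan_instance_names
  instance_tags = {
    Name          = each.key
    Client_Prefix = var.client_prefix
    Capability    = var.capability
    Environment   = var.environment
  }
}

# Keyed by the same set as the module below, so [each.key] resolves in both places.
resource "aws_ssm_maintenance_window" "daily_virus_scan" {
  for_each    = var.scan_instance_names
  name        = "${var.client_prefix}-${var.environment}-${var.capability}-maintenance-window-antivirus-daily"
  schedule    = "cron(0 3 ? * MON-SAT)"
  duration    = 1
  cutoff      = 0
  description = "A window for virus scans to run once per day"
  tags        = local.common_tags
}

module "antivirus_incremental_scan" {
  for_each              = var.scan_instance_names # keys known at plan; only values may be unknown
  source                = "../../../modules/aws_services/systems_manager/maintenance_task_shell_script"
  enabled               = true
  node_name             = "${each.key}_incremental_antivirus_task"
  maintenance_window_id = aws_ssm_maintenance_window.daily_virus_scan[each.key].id
  node_instance_id      = data.aws_instance.scan_target[each.key].id
  log_output_bucket     = "${var.bucket_prefix}-antivirus-${var.region}"
  log_output_bucket_key = "${var.client_prefix}/ec2-antivirus-logs/${var.environment}/weekly_scan/${each.key}"
  description           = "A job to run an incremental antivirus scan on target instance on files that are under 24 hours old"
  commands_to_run = [
    "sudo /usr/local/bin/virusscan --environment ${var.environment} -i 1440 -a quarantine-move -e /opt/eipaas/quarantine,/sys,/proc,/dev,/var/run/docker,/var/lib/docker,/etc/puppetlabs,/var/lib/clamav,/opt/nomad,/var/log,/opt/graphite/storage/whisper"
  ]
}
```

The weekly window and `antivirus_weekly_scan` module take the same `for_each = var.scan_instance_names` change.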