For each loop is not working with IAM policy resource

Hello,
I have an issue with for_each for an IAM policy. I don’t know what I should put there; [each.key] is not working.
The problem is inside => resource “aws_iam_policy” “s3_bucket”
It is not working with [each.key], as shown below.

policy = data.aws_iam_policy_document.bucket_policy.*.json[each.key]

Could you help me, please?

iam.tf

# One IAM user per bucket. The map is keyed by bucket_name so every other
# for_each resource in this file can reach the matching instance via each.key.
resource "aws_iam_user" "user" {
  for_each = { for b in var.buckets : b.bucket_name => b }

  name = each.value.username

  # force_destroy deletes the user even when it still owns access keys, a
  # login profile or MFA devices that Terraform does not manage.
  force_destroy = true
}
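# Identity-based policy giving each bucket's user access to that bucket.
# Named after the username so it lines up with aws_iam_user.user.
resource "aws_iam_policy" "s3_policy" {
  for_each = { for bucket in var.buckets : bucket.bucket_name => bucket }

  name        = each.value.username
  description = "Allow all S3 actions"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # "s3:*" also covers bucket-management actions (s3:PutBucketPolicy,
        # s3:DeleteBucket, ...), not just object reads and writes; narrow
        # this to the actions the user really needs.
        Action = ["s3:*"]
        Effect = "Allow"
        # Plain references instead of "${...}"-only strings (deprecated since
        # Terraform 0.12). The object ARN needs the "/*" suffix, so that one
        # remains a template string.
        Resource = [
          aws_s3_bucket.mybuckets[each.key].arn,
          "${aws_s3_bucket.mybuckets[each.key].arn}/*",
        ]
      },
    ]
  })
}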
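# Attach each user's policy to that user (same bucket_name key on both sides).
resource "aws_iam_user_policy_attachment" "attach_s3_policy" {
  for_each = { for bucket in var.buckets : bucket.bucket_name => bucket }

  # Same value as each.value.username, but referencing the managed resource
  # records the dependency so the user is created before the attachment.
  user       = aws_iam_user.user[each.key].name
  policy_arn = aws_iam_policy.s3_policy[each.key].arn
}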
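# One access key per user.
resource "aws_iam_access_key" "access_key" {
  for_each = { for bucket in var.buckets : bucket.bucket_name => bucket }

  # Same value as each.value.username, but referencing the managed resource
  # records the dependency so the user exists before the key is created.
  user = aws_iam_user.user[each.key].name

  # With pgp_key set the secret is only stored PGP-encrypted (encrypted_secret)
  # rather than in plaintext in the state file; keep it set.
  pgp_key = "keybase:martinsmola"
}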
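# Policy document for the per-bucket IAM policy (aws_iam_policy.s3_bucket).
# Despite the name this is not a bucket policy: it has no principals block,
# so it can only be used as an identity-based policy.
data "aws_iam_policy_document" "bucket_policy" {
  for_each = { for bucket in var.buckets : bucket.bucket_name => bucket }

  statement {
    # "s3:*" also grants bucket-management actions; narrow it where possible.
    actions = ["s3:*"]

    # Plain reference instead of a "${...}"-only string; the object ARN
    # keeps the template form because of the "/*" suffix.
    resources = [
      aws_s3_bucket.mybuckets[each.key].arn,
      "${aws_s3_bucket.mybuckets[each.key].arn}/*",
    ]
  }
}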
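# Per-bucket IAM policy built from data.aws_iam_policy_document.bucket_policy.
# Note: it grants the same "s3:*" access as aws_iam_policy.s3_policy, and
# nothing in this file attaches it; check whether both are needed.
resource "aws_iam_policy" "s3_bucket" {
  for_each    = { for bucket in var.buckets : bucket.bucket_name => bucket }
  name        = each.value.bucket_name
  description = "Allow S3 interaction from ECS service for bucket"

  # The data source is also a for_each map, so it must be indexed with
  # each.key; the ".*" splat is for list/count instances and does not
  # select a single document here.
  policy = data.aws_iam_policy_document.bucket_policy[each.key].json
  tags   = module.generic-label.tags
}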

You’ve given two different versions of your existing code at different points in the post:

I think what you’re actually looking for is

  policy = data.aws_iam_policy_document.bucket_policy[each.key].json

@maxb Hello, thank you very much for your help. I really appreciate it :slight_smile:
