Get private IPs from ENIs of NLB?

Hi,
This is my issue opened on GitHub:

What I want to do is to create target group attachment. I have tried this:

data "aws_network_interface" "sftp-nlb" {
  for_each = var.private_subnet_ids

  filter {
    name   = "description"
    values = ["ELB ${aws_lb.sftp-nlb.arn_suffix}"]
  }

  filter {
    name   = "private_subnet_ids"
    values = [each.value]
  }
}

resource "aws_alb_target_group_attachment" "tg_attachment" {
  vpc_id           = var.vpc_id
  target_group_arn = aws_lb_target_group.sftp-nlb-target-group.arn
  target_id        = formatlist("%s/32", [for eni in data.aws_network_interface.sftp-nlb : eni.private_ip])  
  port             = 22
}

but that gives me:

Error: Incorrect attribute value type

 on modules/sftp/main.tf line 135, in resource "aws_alb_target_group_attachment" "tg_attachment":
135:   target_id        = formatlist("%s/32", [for eni in data.aws_network_interface.sftp-nlb : eni.private_ip])

Inappropriate value for attribute "target_id": string required.

An IP address is not an interface ID.
Try with eni.id instead of eni.private_ip.

same error:

Error: Incorrect attribute value type

  on modules/sftp/main.tf line 136, in resource "aws_alb_target_group_attachment" "tg_attachment":
 136:   target_id        = formatlist("%s/32", [for eni in data.aws_network_interface.sftp-nlb : eni.id])

Inappropriate value for attribute "target_id": string required.

Sorry, that was silly of me - I didn’t read up on the aws_lb_target_group_attachment resource

The resource only takes one id as target_id, so we must attach them separately.

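resource "aws_alb_target_group_attachment" "tg_attachment" {
  # One attachment per ENI returned by the data source
  for_each         = data.aws_network_interface.sftp-nlb
  target_group_arn = aws_lb_target_group.sftp-nlb-target-group.arn
  # each.value is the ENI object for this key; target_id takes a single string
  target_id        = each.value.private_ip
  port             = 22
}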

If this doesn’t work, can I please see the contents of data.aws_network_interface.sftp-nlb? Just dump it as an output to get hold of it.

This is working although it is slightly different from what your question asked. I think you can adapt it to your case.

data "aws_network_interface" "vpc_endpoint_eni" {
  for_each = toset(var.private_subnet_ids)
  
  filter {
    name = "description"
    values = ["ELB ${aws_lb.sftp-nlb.arn_suffix}"]
  }
  
  filter {
    name   = "subnet-id"
    values = [each.value]
  }
}

resource "aws_lb_target_group_attachment" "custom_domain_lb_api_targets" {
  for_each         = toset(var.private_subnet_ids)
  target_group_arn = aws_lb_target_group.custom_domain_lb_api_target_group.arn
  target_id        = data.aws_network_interface.vpc_endpoint_eni[each.key].private_ip
  port             = 443
}
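
The pieces of this thread put together for the original sftp-nlb case, as an added example that is not from any of the posters: one attachment per NLB ENI, `vpc_id` on the target group rather than on the attachment, and an output that dumps the looked-up IPs. It assumes `var.private_subnet_ids` is a list of subnet IDs and that the target group registers IP targets over TCP; the target group name and the output name are made up for illustration.

```hcl
# Added example. Assumes aws_lb.sftp-nlb, var.vpc_id and
# var.private_subnet_ids (list of subnet IDs) are defined elsewhere.

# One lookup per subnet: the NLB's ENI in that subnet.
data "aws_network_interface" "sftp-nlb" {
  for_each = toset(var.private_subnet_ids)

  filter {
    name   = "description"
    values = ["ELB ${aws_lb.sftp-nlb.arn_suffix}"]
  }

  filter {
    name   = "subnet-id"
    values = [each.value]
  }
}

# vpc_id is an argument of the target group, not of the attachment.
# target_type must be "ip" for an IP address to be accepted as target_id.
resource "aws_lb_target_group" "sftp-nlb-target-group" {
  name        = "sftp-nlb-tg" # constructed name
  port        = 22
  protocol    = "TCP" # assumed: SFTP behind an NLB
  target_type = "ip"
  vpc_id      = var.vpc_id
}

# target_id is a single string, so create one attachment per ENI.
resource "aws_lb_target_group_attachment" "tg_attachment" {
  for_each         = data.aws_network_interface.sftp-nlb
  target_group_arn = aws_lb_target_group.sftp-nlb-target-group.arn
  target_id        = each.value.private_ip # bare IP, no "/32" suffix
  port             = 22
}

# Dump what the lookups returned: subnet ID => private IP.
output "sftp_nlb_private_ips" {
  value = { for subnet_id, eni in data.aws_network_interface.sftp-nlb : subnet_id => eni.private_ip }
}
```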