Hi All,
I have a question around Terraform AWS EKS module , I read the docs and also the note on the probable issue mentioned here.
In my case I am seeing below error . I am not sure how to get around this as I am not able to control the local values anyhow . any help would be appreciated.
╷
│ Error: Invalid for_each argument
│
│ on .terraform/modules/eks-cluster.eks/main.tf line 208, in resource "aws_iam_role_policy_attachment" "this":
│ 208: for_each = var.create && var.create_iam_role ? toset(compact(distinct(concat([
│ 209: "${local.policy_arn_prefix}/AmazonEKSClusterPolicy",
│ 210: "${local.policy_arn_prefix}/AmazonEKSVPCResourceController",
│ 211: ], var.iam_role_additional_policies)))) : toset([])
│ ├────────────────
│ │ local.policy_arn_prefix is a string, known only after apply
│ │ var.create is true
│ │ var.create_iam_role is true
│ │ var.iam_role_additional_policies is empty list of string
│
│ The "for_each" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances
│ will be created. To work around this, use the -target argument to first apply only the resources that the for_each depends on.
╵
╷
│ Error: Invalid for_each argument
│
│ on .terraform/modules/eks-cluster.eks/modules/eks-managed-node-group/main.tf line 439, in resource "aws_iam_role_policy_attachment" "this":
│ 439: for_each = var.create && var.create_iam_role ? toset(compact(distinct(concat([
│ 440: "${local.iam_role_policy_prefix}/AmazonEKSWorkerNodePolicy",
│ 441: "${local.iam_role_policy_prefix}/AmazonEC2ContainerRegistryReadOnly",
│ 442: var.iam_role_attach_cni_policy ? local.cni_policy : "",
│ 443: ], var.iam_role_additional_policies)))) : toset([])
│ ├────────────────
│ │ local.cni_policy is a string, known only after apply
│ │ local.iam_role_policy_prefix is a string, known only after apply
│ │ var.create is true
│ │ var.create_iam_role is true
│ │ var.iam_role_additional_policies is empty list of string
│ │ var.iam_role_attach_cni_policy is true
│
│ The "for_each" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances
│ will be created. To work around this, use the -target argument to first apply only the resources that the for_each depends on.
I have tried approaches like to use -target but how do I apply this as I don’t manage the resource iam_role_policy_attachment so can’t apply it directly.