I have a variable of spoke_vpcs with a type of:
type = map(object({
  name                = string
  cidr                = string
  az_list             = list(string)
  private_subnet_cidr = list(string)
  public_subnet_cidr  = list(string)
  enable_nat_gateway  = bool
  enable_vpn_gateway  = bool
}))
And the variable looks like this:
spoke_vpcs = {
  "security" = {
    name                = "security",
    cidr                = "10.1.0.0/16",
    az_list             = ["us-east-1a", "us-east-1b", "us-east-1c"],
    private_subnet_cidr = ["10.1.4.0/24", "10.1.5.0/24", "10.1.6.0/24"],
    public_subnet_cidr  = ["10.1.104.0/24", "10.1.105.0/24", "10.1.106.0/24"],
    enable_nat_gateway  = false
    enable_vpn_gateway  = false
  },
  "logging" = {
    name                = "logging",
    cidr                = "10.0.0.0/16",
    az_list             = ["us-east-1a", "us-east-1b", "us-east-1c"],
    private_subnet_cidr = ["10.0.7.0/24", "10.0.8.0/24", "10.0.9.0/24"],
    public_subnet_cidr  = ["10.0.107.0/24", "10.0.108.0/24", "10.0.109.0/24"],
    enable_nat_gateway  = true
    enable_vpn_gateway  = true
  }
}
What I’m looking to do is create a vpc from each object in the “spoke_vpcs” map and then create an aws_route_table_association for each of the private_subnets.
So, I use a module to create the vpc:
module "vpc_spokes" {
  source   = "terraform-aws-modules/vpc/aws"
  for_each = var.spoke_vpcs
  providers = {
    aws = aws.shared
  }
  name               = each.value.name
  cidr               = each.value.cidr
  azs                = each.value.az_list
  private_subnets    = each.value.private_subnet_cidr
  public_subnets     = each.value.public_subnet_cidr
  enable_nat_gateway = each.value.enable_nat_gateway
  enable_vpn_gateway = each.value.enable_vpn_gateway
}
And create the route table:
resource "aws_route_table" "spoke_route_table" {
  for_each = module.vpc_spokes
  vpc_id   = each.value.vpc_id
}
What is the best way to create the aws_route_table_association?
I’ve tried:
resource "aws_route_table_association" "private_subnet" {
  for_each       = module.vpc_spokes["security"].private_subnets
  subnet_id      = each.value
  route_table_id = aws_route_table.spoke_route_table["security"].id
}
But that throws an error of "The given “for_each” argument value is unsuitable: the “for_each” argument must be a map, or set of strings, and you have provided a value of type tuple."
I’ve tried using toset(), but it throws the following error:
│ on main.tf line 87, in resource "aws_route_table_association" "private_subnet":
│ 87: for_each = toset(module.vpc_spokes["security"].private_subnets)
│ ├────────────────
│ │ module.vpc_spokes["security"].private_subnets is tuple with 3 elements
│
│ The "for_each" set includes values derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that
│ will identify the instances of this resource.
│
│ When working with unknown values in for_each, it's better to use a map value where the keys are defined statically in your configuration and where only the values
│ contain apply-time results.
│
│ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a second time to fully
│ converge.
Any ideas on how I can get this to work?
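
The error text above asks for a map whose keys are static and whose values carry the apply-time results. One way to build that from the configuration in this post, as an added example that is not part of the original post: the local name `private_subnet_associations` and the `vpc_key/cidr` key format are assumptions made for illustration.

```hcl
locals {
  # Added example. Keys are built only from var.spoke_vpcs (the map key and the
  # private subnet CIDR strings), so Terraform knows the full key set at plan
  # time. The value records which VPC and which list position the key refers to.
  private_subnet_associations = merge([
    for vpc_key, vpc in var.spoke_vpcs : {
      for idx, cidr in vpc.private_subnet_cidr :
      "${vpc_key}/${cidr}" => {
        vpc_key = vpc_key
        index   = idx
      }
    }
  ]...)
}

resource "aws_route_table_association" "private_subnet" {
  for_each = local.private_subnet_associations

  # Only the values are apply-time results: the subnet ID is looked up by
  # position in the module's private_subnets output, which follows the order
  # of the private_subnet_cidr list passed to the module.
  subnet_id      = module.vpc_spokes[each.value.vpc_key].private_subnets[each.value.index]
  route_table_id = aws_route_table.spoke_route_table[each.value.vpc_key].id
}
```

This covers every VPC in `spoke_vpcs`, not only "security". The terraform-aws-modules/vpc module also creates and associates its own private route tables, and a subnet can hold only one route table association, so these associations have to be reconciled with the ones the module manages.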