Hello there,
I managed to complete some of the introduction documentation and exercises, and I managed to create AWS infra using templates.
I’m now trying to create something which looks quite simple at first, but I’m struggling with type management and the dynamic aspect of the resources to be created.
The goal is to create aws_lambda_permissions / aws_cloudwatch_event_rule / aws_cloudwatch_event_target based on a dict/map.
The template definition is basically:
== main.tf
terraform {
  required_providers {
    aws = "= 2.57"
  }
}
provider "aws" {
  region     = "eu-west-1"
  access_key = var.access_key
  secret_key = var.secret_key
}
== output.tf
(empty)
== content.tfvars // the file has the map definition for the three related resources linked together. In this example, I reduced it to the creation of only one resource to try to debug the problem I'm having.
content = {
  app1_env2 = {
    account_id   = "1234567890"
    app_name     = "app1"
    env_name     = "env1"
    cron         = "cron(0 20 20 4 ? *)"
    statement_id = "AllowExecutionFromCloudWatch_app1_env1"
  }
  app2_env2 = {
    account_id   = "2345678901"
    app_name     = "app2"
    env_name     = "env2"
    cron         = "cron(0 20 20 4 ? *)"
    statement_id = "AllowExecutionFromCloudWatch_app2_env2"
  }
}
== planning.tf
resource "aws_cloudwatch_event_rule" "planning_rule" { // I expect to get two resources created here, corresponding to each object of the map.
  for_each            = var.content
  name                = each.key // should be app1_env1 for the first, and app2_env2 for the second
  schedule_expression = each.value["cron"] // tried each.value.cron and the lookup method ...
  tags                = {}
}
== variables.tf
variable "access_key" {
  type = string
}
variable "secret_key" {
  type = string
}
variable "content" {
  type = map(object({
    account_id   = string
    app_name     = string
    env_name     = string
    cron         = string
    statement_id = string
  }))
}
If I run a plan with this I get:
$ terraform plan --var-file content.tfvars
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------
Error: error using credentials to get account ID: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid.
        status code: 403, request id: e10d4da1-f01d-4b70-b783-a6a295647b89
  on main.tf line 6, in provider "aws":
   6: provider "aws" {
If I switch to another directory which contains a template with a flattened configuration, it works, so this is not an STS or auth problem.
What am I missing here?
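
One way to lay out the three linked resources named in the goal above, as an added example that is not part of the original post: every resource iterates over the same `var.content` map so the keys line up, and `source_arn` restricts each Lambda permission to its own rule instead of allowing any CloudWatch Events rule to invoke the function. The variables `lambda_function_name` and `lambda_function_arn`, the resource names `planning_target` and `planning_permission`, and the JSON `input` payload are assumptions; the block would replace the `planning.tf` shown above.

```hcl
# Added example (not from the original post). Written for Terraform 0.12 syntax.
# Assumption: a single existing Lambda function is the target of every rule.
variable "lambda_function_name" {
  type = string
}
variable "lambda_function_arn" {
  type = string
}

# One scheduled rule per map entry; each.key becomes the rule name.
resource "aws_cloudwatch_event_rule" "planning_rule" {
  for_each            = var.content
  name                = each.key
  schedule_expression = each.value.cron
}

# One target per rule, looked up by the same map key.
resource "aws_cloudwatch_event_target" "planning_target" {
  for_each = var.content
  rule     = aws_cloudwatch_event_rule.planning_rule[each.key].name
  arn      = var.lambda_function_arn

  # Assumption: the function reads the application and environment from the event payload.
  input = jsonencode({
    app_name = each.value.app_name
    env_name = each.value.env_name
  })
}

# One permission statement per rule. source_arn pins the grant to that rule's ARN,
# so the events.amazonaws.com principal cannot invoke the function from other rules.
resource "aws_lambda_permission" "planning_permission" {
  for_each      = var.content
  statement_id  = each.value.statement_id
  action        = "lambda:InvokeFunction"
  function_name = var.lambda_function_name
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.planning_rule[each.key].arn
}
```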