New to terraform, trying to use for_each

Hello there,

I managed to complete a few introduction documentation and exercices, and i managed to create aws infra using templates.

I’m now trying to create something which looks quite simple at first, but i’m struggling with type management and the dynamic aspect of the ressources to be created.

The goal is to create aws_lambda_permissions / aws_cloudwatch_event_rule / aws_cloudwatch_event_target based on a dict/map.

The template definition is basically :


terraform {
  required_providers {
    aws = "= 2.57"

provider "aws" {
  region = "eu-west-1"
  access_key = var.access_key
  secret_key = var.secret_key


== content.tfvars // the file has the map definition for the three related resources linked together. In this example, i reduced to the creation of only one resource to try to debug the problem i'm having.

content = {
  app1_env2 = {
    account_id   = "1234567890"
    app_name     = "app1"
    env_name     = "env1"
    cron         = "cron(0 20 20 4 ? *)"
    statement_id = "AllowExecutionFromCloudWatch_app1_env1"
  app2_env2 = {
    account_id   = "2345678901"
    app_name     = "app2"
    env_name     = "env2"
    cron         = "cron(0 20 20 4 ? *)"
    statement_id = "AllowExecutionFromCloudWatch_app2_env2"


resource "aws_cloudwatch_event_rule" "planning_rule" {   // i expect to get two resources created here, corresponding to each objects of the map.
    for_each            = var.content
    name                = each.key           // should be app1_env1 for the first , and app2_env2 for the second
    schedule_expression = each.value["cron"] // tried each.value.cron and the lookup method ...
    tags                = {}


variable "access_key" {
  type = string

variable "secret_key" {
  type = string

variable "content" {
  type = map(object({
    account_id   = string
    app_name     = string
    env_name     = string
    cron         = string
    statement_id = string

If i run a plan with this i get :

$terraform plan --var-file content.tfvars
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


Error: error using credentials to get account ID: error calling sts:GetCallerIdentity: InvalidClientTok
enId: The security token included in the request is invalid.
        status code: 403, request id: e10d4da1-f01d-4b70-b783-a6a295647b89

  on line 6, in provider "aws":
   6: provider "aws" {

If i swap to another directory which contains a template with flatten configuration, it works, so this is not a sts or auth problem.

What i’m missing here ?

Hello @nevoomatse, welcome to the community! :wave:

I’d like to have a look at your example and see if we can figure this out, together.

Can you share a bit more of your code? Specifically, I’m looking for var.all_planning (which might be in all_planning.tfvars

Dummy vallues are totally fine, I’m mainly after the structure.

Oh i’m sorry… for the example, consider that var.all_planning refers actually to var.content which is mentionned in content.tfvars. My bad… i’ll edit first post if possible.

Thank you