looks pretty straightforward but where and how are we assigning value to var.ec2_instance_ids from output "instances"...?
I have a resource that I create using for_each, I need an attribute from the objects created with for_each in another module in the same file. I am trying this:
output "my_resource_id" {
  value = values(module.my_module)[*].id
}
but where I’m using it like:
arr = [for a in module.my_module[*].my_resource_id: a]
it is not working

EDIT: Here is the example of what I’m trying to work out.
module "azuread_application_terraform" {
  source   = "git::ssh://git@bitbucket.org/example//azuread/azuread_application"
  for_each = local.principals_map
  name     = each.key
}
#local.principals_map is a map with names of the applications to register as a key
Next I create few key vaults:
module "azurerm_key_vault_primary" {
  source                     = "git::ssh://git@bitbucket.org/example//azurerm/azurerm_key_vault"
  for_each                   = toset(var.teams)
  name                       = each.key
  location                   = var.location
  resource_group_name        = var.resource_group_name
  tenant_id                  = var.cloud_tenant_id
  soft_delete_retention_days = var.kv_soft_delete_retention_days
  purge_protection_enabled   = var.kv_purge_protection_enabled
  sku_name                   = var.kv_sku_name
  tags                       = local.tags
}
#teams is a map with name of key vault and
This is where the fun starts. Now I need to grant access to the application registration created above to these key vaults. I am trying to get application’s object_id and respective key vault as follows:
locals {
  app_ids = { for m in local.all_principals : module.azuread_application_terraform[m.name].object_id => {
      "app_name" : m.name
      "kv_id" : module.azurerm_key_vault_primary[m.team].id,
      "application_secret" : module.azuread_application_terraform[m.name].application_secret
    }
  }
}
The access code is below:
module "azurerm_key_vault_access_policy" {
  source                  = "git::ssh://git@bitbucket.org/example//azurerm/azurerm_key_vault_access_policy"
  for_each                = local.app_ids
  key_vault_id            = each.value.kv_id
  tenant_id               = var.cloud_tenant_id
  object_id               = each.key
  secret_permissions      = ["Get", "List", "Set", "Delete", "Purge"]
  key_permissions         = ["Get", "List"]
  certificate_permissions = ["Get", "List"]
}
On running terraform plan it complains that app_ids is invalid for the for_each:
Error: Invalid for_each argument
│
│ on 002-file.tf line 81, in module "azurerm_key_vault_access_policy":
│ 81: for_each = local.app_ids
│ ├────────────────
│ │ local.app_ids will be known only after apply
│
│ The "for_each" value depends on resource attributes that cannot be
│ determined until apply, so Terraform cannot predict how many instances will
│ be created. To work around this, use the -target argument to first apply
│ only the resources that the for_each depends on.
Any work around this?
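
The error above comes from the map keys: `object_id` is only known after apply, and `for_each` needs every key at plan time, while values may stay unknown. The following is an added example, not part of the original post or the modules it uses; it assumes `local.all_principals` is a list of objects whose `name` and `team` are known at plan time and whose names are unique, and the local name `app_access` is hypothetical.

```hcl
locals {
  # Assumption: each element of local.all_principals has "name" and "team"
  # attributes that are static (known at plan time), with unique names.
  # Key the map by the static name; the apply-time object_id moves into
  # the value, where unknown data is allowed.
  app_access = {
    for m in local.all_principals : m.name => {
      object_id = module.azuread_application_terraform[m.name].object_id
      kv_id     = module.azurerm_key_vault_primary[m.team].id
    }
  }
  # application_secret is left out of this map on purpose: the access
  # policy module does not consume it, so the secret stays out of the
  # for_each value.
}

module "azurerm_key_vault_access_policy" {
  source   = "git::ssh://git@bitbucket.org/example//azurerm/azurerm_key_vault_access_policy"
  for_each = local.app_access

  key_vault_id = each.value.kv_id
  tenant_id    = var.cloud_tenant_id
  object_id    = each.value.object_id # unknown until apply, which is fine here

  # Permission lists copied unchanged from the post.
  secret_permissions      = ["Get", "List", "Set", "Delete", "Purge"]
  key_permissions         = ["Get", "List"]
  certificate_permissions = ["Get", "List"]
}
```

With this keying, instances are addressed by application name, so the number and identity of access policies are fixed at plan time without a `-target` apply.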