PLEASE HELP: The "count" value depends on resource attributes that cannot be determined until apply

My CI/CD pipelines are failing please guide how to resolve this issue

The “count” value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only the resources that the count depends on.

var.object_ids is coming from data.azuread_groups.example.object_ids

resource "azurerm_role_assignment" "assing_roles" {
 count = length(var.object_ids)
  principal_id         = var.object_ids[count.index]
  role_definition_name = var.role_name
  scope                = var.target_resource_id


To get help, don’t shout or beg. Instead, make it easy for people to help you by including relevant information in your post.


is not enough information for people to make any clear recommendation.

Something is clearly preventing data.azuread_groups.example.object_ids from being known until apply time, but unless you show more of your configuration, people on this forum cannot suggest why.

@maxb bro first of all show some manners. If someone is writing like this then its something really serious happening in production deployment.

No one is perfect in the world and I am not the one who created terraform. There is some issue and seems to be the serious one hence, asked like this.

I have not requested you to help me here but if something is burning then people can help that is what the least expected in opensource world.

So I am not begging neither I have shouted near your ears. So behave please before writing in the public portal… Thank you.

You are aware you are in the community volunteer discussion forum, and not an official support channel, right?

Yes I am aware… But do you really think if someone is in a serious issue and requesting for help genuinely then s/he must be begging. C’mon

Putting aside all questions on how particular tones of voice and attitudes are represented in plain text messaging, and how different people may interpret them differently for a moment, one fact remains:

Given the limited information presented so far, all that can be said is that data.azuread_groups.example.object_ids is apparently not known until apply, and more visibility of how it is configured is needed, to identify the cause of that.

It is like this

data "azuread_groups" "example" {
  display_names    = ["group1"]
  security_enabled = true

Nothing within the shown code explains why this could not be evaluated at plan time.

Therefore, I wonder if there are module-level depends_on settings in play here, which could lead to evaluation of this block being deferred to the apply phase.

Oh sorry I missed sharing that… This is the complete code

data "azuread_groups" "example1" {
  display_names    = ["group1"]
  security_enabled = true

data "azuread_groups" "example2" {
  display_names    = ["group2"]
  security_enabled = true

locals {
 rg_access_objectids = concat(data.azuread_groups.example1.object_ids, data.azuread_groups.example2.object_ids)

module "role_assignment_spn" {
  source             = "../modules/roleassignment"
  target_resource_id = tostring(
  role_name          = "Reader"
  object_ids         = local.rg_access_objectids

I found the issue… The problem is with one other resource… I by mistake added depend in it which I was using in the module role_assignment_spn… That’s the reason it happened…

I have removed depends from it… and it started working fine…

@maxb so sorry for disturbing. Incorrect usage of depends was the culprit. My bad