Taint a resource created with for_each

I am creating a number of ECS services like this:

resource "aws_ecs_service" "service" {
  for_each = toset(var.cluster_names)

  name          = "${var.repository}_${var.group}_${var.service_name}"
  cluster       = "${each.key}"
  desired_count = "${var.desired_count}"

  ordered_placement_strategy {
    type  = "spread"
    field = "instanceId"

  ordered_placement_strategy {
    type  = "spread"
    field = "attribute:ecs.availability-zone"

  load_balancer {
    container_name   = "${var.service_name}"
    container_port   = "${var.port}"
    target_group_arn = "${var.target_group_arn}"

  # Track the latest ACTIVE revision
  task_definition = "${aws_ecs_task_definition.task_def.family}:${max("${aws_ecs_task_definition.task_def.revision}", "${data.aws_ecs_task_definition.task_def.revision}")}"


How do I taint the resources created this way?

The following don’t work
terraform taint aws_ece_service.service
terraform taint aws_ece_service.service.*
terraform taint aws_ece_service.service[]
terraform taint aws_ece_service.service

I believe the splats only work with lists and for_each returns a map. Not sure how to reference elements in the map…

Try for example,


To refer to one of the resource instances associated with a resource block the syntax is


Seemed so promising but no go:

terraform taint module.servotron.aws_ecs_service.service["FrontEnd-OnDemand"]


Error: Index value required

on line 1:
(source code not available)

Index brackets must contain either a literal number or a literal string.

Run ‘terraform state list’ to see how each resource is identified by terraform.

Awesome. That indeed shows that I was using the right syntax. taint must just be broken for this scenario.

I will log a bug against terraform.