Hello guys. Sorry to bother, but I have this issue and it's taking me over a day to figure it out.
The aim of this project is to automate the creation of an Azure Key Vault (with a key) and x number of storage accounts, and afterwards use the keys created in the key vault to encrypt those storage accounts accordingly.
So far, to achieve this, I am declaring the storage accounts in a variable as follows:
variable "storage-foreach" {
  type    = map(string)
  default = { 1 = "storage1", 2 = "storage2", 4 = "storage3", 5 = "storage4" }
}
and the key_vault_keys declared as follows:
variable "key-name" {
  type    = list(string)
  default = ["key1", "key2", "key3", "key4"]
}
The resources to create those storages and keys are as follows:
resource "azurerm_key_vault_secret" "storagesctforeach" {
  for_each     = var.storage-foreach
  key_vault_id = azurerm_key_vault.tenantsnbshared.id
  name         = each.value
  value        = azurerm_storage_account.storage-foreach[each.key].primary_connection_string
  content_type = "${each.value} Storage Account Connection String"
  lifecycle {
    prevent_destroy = false
  }
}
and the keys:
resource "azurerm_key_vault_key" "client-key" {
  for_each     = toset(var.key-name)
  key_vault_id = azurerm_key_vault.tenantsnbshared.id
  name         = "Key-Client-${each.value}"
  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
  key_type   = "RSA"
  key_size   = 2048
  depends_on = [azurerm_key_vault.tenantsnbshared]
}
So far everything works fine and the keys get created, as do the storages.
But here is where I encounter my problem:
resource "azurerm_storage_account_customer_managed_key" "storage-managed-key" {
  for_each           = toset(var.key-name)
  key_name           = "Key-Client-${each.value}"
  key_vault_id       = azurerm_key_vault.tenantsnbshared.id
  key_version        = azurerm_key_vault_key.client-key[each.value].version
  storage_account_id = azurerm_storage_account.storage-foreach[var.storage-foreach[each.value]].id
  depends_on         = [azurerm_key_vault_access_policy.storage, azurerm_storage_account.storage-foreach]
}
When I try to loop through all the keys and the storage accounts for the encryption, I get this error:
Error: Invalid index
on main.tf line 173, in resource "azurerm_storage_account_customer_managed_key" "storage-managed-key":
173: storage_account_id = azurerm_storage_account.storage-foreach[var.storage-foreach[each.value]].id
|----------------
| each.value is "key1"
| var.storage-foreach is map of string with 4 elements
The given key does not identify an element in this collection value.
Which is understandable. As far as I can understand, the issue is related to these 2 lines:
for_each = toset(var.key-name)
and
storage_account_id = azurerm_storage_account.storage-foreach[var.storage-foreach[each.value]].id
In my terminal I see that var.key-name is pointing to the correct variable, and so does var.storage, but when I run terraform plan the each.value in the storage account gets overridden with the var.key-name values, which is the reason for the error that it cannot find that value.
So I was wondering if there is any way how I can fix this problem.
The only other solution that I tried, and it worked, is using count, but as that is strictly an indexer, I don't want it, because if I modify the position of the elements in my variable, that will destroy everything to update the index.
Thank you so much for your help guys
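The error above comes from indexing var.storage-foreach (keys "1", "2", "4", "5") with each.value from toset(var.key-name) ("key1", ...), so the two for_each loops never share an instance key. The following is an added example, not code from the original post: it drives the storage accounts, the Key Vault keys and the customer-managed-key bindings from one hypothetical map, `var.tenants`, keyed by a stable identifier, so reordering entries in the variable does not force any resource to be destroyed. It assumes that `azurerm_storage_account.storage-foreach` is also declared with `for_each = var.tenants` and `name = each.value.storage_account`, and reuses the `tenantsnbshared` vault and `storage` access-policy names from the post.

```hcl
# Hypothetical single source of truth: one entry per tenant. The map key
# ("client1", ...) is the for_each instance key everywhere, so it stays
# stable even if entries are added, removed or reordered.
variable "tenants" {
  type = map(object({
    storage_account = string
    key_name        = string
  }))
  default = {
    client1 = { storage_account = "storage1", key_name = "key1" }
    client2 = { storage_account = "storage2", key_name = "key2" }
    client3 = { storage_account = "storage3", key_name = "key3" }
    client4 = { storage_account = "storage4", key_name = "key4" }
  }
}

resource "azurerm_key_vault_key" "client-key" {
  for_each     = var.tenants
  key_vault_id = azurerm_key_vault.tenantsnbshared.id
  name         = "Key-Client-${each.value.key_name}"
  key_type     = "RSA"
  key_size     = 2048
  # Least privilege: Storage CMK only wraps and unwraps the account
  # encryption key, so sign/verify and encrypt/decrypt are not needed.
  key_opts = ["wrapKey", "unwrapKey"]
}

resource "azurerm_storage_account_customer_managed_key" "storage-managed-key" {
  # Same map as the storage accounts and the keys, so each.key
  # ("client1") is a valid instance key in both resources.
  for_each           = var.tenants
  storage_account_id = azurerm_storage_account.storage-foreach[each.key].id
  key_vault_id       = azurerm_key_vault.tenantsnbshared.id
  key_name           = azurerm_key_vault_key.client-key[each.key].name
  key_version        = azurerm_key_vault_key.client-key[each.key].version
  # The storage account dependency is implicit through the reference above;
  # the access policy must exist before the binding is created.
  depends_on = [azurerm_key_vault_access_policy.storage]
}
```

Pinning `key_version` means a rotated key is only picked up on the next apply; check the provider documentation for your version if you want the storage account to follow the latest key version automatically.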