Skip to content

v0.3.2
Compare
Choose a tag to compare
@cloudpossebot cloudpossebot released this 22 Apr 14:00
· 38 commits to refs/heads/main since this release
0.3.2
cb734da
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

πŸš€ Enhancements

Attempt to fix `Invalid for_each argument` for `var.custom_iam_policy_arns` @jamengual (#11)

what

  • Attempt to fix dependency logic when policy is created at the same time as the lambda function
  • Expand tests to include an iam policy
  • Output IAM role name
  • Output IAM role ARN
  • Fix remaining test TestExamplesCompleteDisabled cc: @mcalhoun for guidance

why

  • The error message
β•·
β”‚ Error: Invalid for_each argument
β”‚
β”‚   on ../../iam-role.tf line 77, in resource "aws_iam_role_policy_attachment" "custom":
β”‚   77:   for_each   = local.enabled ? toset(var.custom_iam_policy_arns) : toset([])
β”‚     β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚     β”‚ local.enabled is true
β”‚     β”‚ var.custom_iam_policy_arns is list of string with 2 elements
β”‚
β”‚ The "for_each" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use
β”‚ the -target argument to first apply only the resources that the for_each depends on.

Basically, we cannot pass in a policy arn that isn't already created.

We get around this in the test by creating a local input var for the policy name and pass that local to both the aws_iam_policy resource as well as the var.custom_iam_policy_arns of the module.

Another way around this is to attach the custom policies outside of this module by using the role_name output

references

Contributors

mcalhoun and jamengual
Assets 2
Loading