0

I have a module that creates some AWS policies from JSON files. `terraform plan` returns an error when it tries to attach the new resources (policies) to the role it is creating.

The "for_each" value depends on resource attributes that cannot be determined until apply

This is OK, so I tried to use depends_on on the module that creates the new resources (policies), but I still get the same error.

Here is my module:

module "admin" {
  source = "./my_repo/admin"

  depends_on = [
    aws_iam_policy.common,
    aws_iam_policy.ses_sending,
    aws_iam_policy.athena_readonly,
  ]

  policies = [
    aws_iam_policy.common.arn,
    aws_iam_policy.ses_sending.arn,
    aws_iam_policy.athena_readonly.arn,
  ]
}

In the module ./my_repo/admin I have a file with this code (this is where I get the error):

resource "aws_iam_role_policy_attachment" "me" {
  for_each   = toset(var.policies)
  role       = aws_iam_role.me.name
  policy_arn = each.value
}

What's wrong?

Thank you

Daniele

1 Answer

-1

The "for_each" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many policies will be created. To work around this, use the -target argument to first apply only the resources that the for_each depends on.

bembas
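
An added example, not part of the question or the answer above: `for_each` only needs its keys to be known at plan time, so passing the ARNs as the values of a map with static keys avoids the error without `-target`. The key names, the `map(string)` variable type and the file names in the comments are assumptions; `aws_iam_role.me` and the three `aws_iam_policy` resources are the ones from the question.

```hcl
# Root module (constructed from the question's module call).
# The map keys are literal strings, known at plan time; only the
# values (the ARNs) are unknown until the policies are created.
module "admin" {
  source = "./my_repo/admin"

  policies = {
    common          = aws_iam_policy.common.arn
    ses_sending     = aws_iam_policy.ses_sending.arn
    athena_readonly = aws_iam_policy.athena_readonly.arn
  }
}

# ./my_repo/admin/variables.tf (assumed file name)
variable "policies" {
  description = "Policy ARNs to attach, keyed by a static name"
  type        = map(string)
}

# ./my_repo/admin/main.tf (assumed file name)
resource "aws_iam_role_policy_attachment" "me" {
  # Instance addresses become me["common"], me["ses_sending"], ...
  # so Terraform can plan them before any ARN exists.
  for_each   = var.policies
  role       = aws_iam_role.me.name
  policy_arn = each.value
}
```

The explicit `depends_on` is dropped because referencing each `.arn` attribute already orders the attachments after the policies. With `toset(var.policies)` the ARNs themselves were the instance keys, which is why they had to be known during planning.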