Daniele

Reputation: 624

Terraform create and attach AWS IAM policies

I need to create several IAM policies from JSON files. So, I have a file called iam_policies.tf with many of these code blocks:


resource "aws_iam_policy" "name" {
  name        = "policy-name"
  description = "Policy desc xxx"
  path        = "/"

  policy = file("${path.module}/_/iam_policies/policy.json")
}

In a module I would like to use these policies as the argument of a var, but when I try to attach the policy...

resource "aws_iam_role_policy_attachment" "me" {
  for_each   = toset(var.policies)
  role       = aws_iam_role.me.name
  policy_arn = each.value
}

I get the error: The "for_each" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only the resources that the for_each depends on.

This is the module that creates policy resources and other resources:

module "admin" {
  source = "./repo/module_name"

  policies = [
    aws_iam_policy.common.arn,
    aws_iam_policy.ses_sending.arn,
    aws_iam_policy.athena_readonly.arn,
    aws_iam_policy.s3_deploy.arn,
  ]
...
}

I've tried with depends_on but it doesn't work.

I'm using Terraform Cloud, so I can't use apply -target.

What can I do? What's wrong? Thank you.

Upvotes: 2

Views: 970

Answers (1)

Marcin

Reputation: 238957

If you can't use target, you have to separate your deployments into two deployments. First you deploy your policies, and then they will become inputs of the main deployment.

Upvotes: 0
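
An added example, not part of the question or the answer above: besides splitting the deployment, the error goes away when the for_each keys are known at plan time, which a map with literal keys and the ARNs only in its values provides. The map key names, the map(string) variable type and the file names in the comments are assumptions; the resource names are the ones from the question.

```hcl
# Root module. The keys are literal strings, so Terraform knows them at plan
# time; only the values (the ARNs) stay unknown until the policies exist.
module "admin" {
  source = "./repo/module_name"

  policies = {
    common          = aws_iam_policy.common.arn
    ses_sending     = aws_iam_policy.ses_sending.arn
    athena_readonly = aws_iam_policy.athena_readonly.arn
    s3_deploy       = aws_iam_policy.s3_deploy.arn
  }

  # other module arguments from the question are omitted here
}

# ./repo/module_name/variables.tf (file name assumed)
variable "policies" {
  description = "Static label => IAM policy ARN to attach to the role"
  type        = map(string)
}

# ./repo/module_name/main.tf (file name assumed)
resource "aws_iam_role_policy_attachment" "me" {
  # Instance keys come from the map keys, not from the unknown ARNs,
  # so the number of instances is predictable during plan.
  for_each   = var.policies
  role       = aws_iam_role.me.name
  policy_arn = each.value # resolved during apply
}
```

Each attachment is then tracked in state under its label, for example aws_iam_role_policy_attachment.me["common"] inside the module, so renaming a key replaces that attachment while changing the policy document behind it does not.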
