adithyar24200
Reputation: 131
Using for each within for each for terraform resources
My main.tf is like this, I wanted to assign "google_project_iam_binding" -> "members" with "instance-sink" -> "unique_writer_identity" but I'm already using the for each to set the role in google_project_iam_binding but iam unable to think of a way to use for each twice to assign to members of unique_writer_identity.
resource "google_logging_project_bucket_config" "custom_log_bucket" {
for_each = var.cross_project_logsink_service
bucket_id = format("bkt-%s-%s-%s-%s-%s", local.monitored_resource_project[each.key])
location = "global"
project = var.monitoring_project
retention_days = 30
}
resource "google_logging_project_sink" "instance-sink" {
for_each = var.cross_project_logsink_service
name = format("%s_logsink_%s", var.domain, each.key)
description = "log sink from ${local.monitored_resource_project[each.key]}"
destination = "logging.googleapis.com/${google_logging_project_bucket_config.custom_log_bucket[0].id}"
filter = "resource.type=cloud_composer_environment"
project = local.monitored_resource_project[each.key]
unique_writer_identity = true
}
resource "google_project_iam_binding" "log-writer" {
for_each = toset([
"roles/storage.objectCreator",
"roles/logging.bucketWriter"
])
project = var.monitoring_project
role = each.key
members = [
google_logging_project_sink.instance-sink.writer_identity #how to assign it to the above resource
]
}
Currently error looks like this
$ terraform plan
╷
│ Error: Missing resource instance key
│
│ on logsink.tf line 71, in resource "google_project_iam_binding" "log-writer":
│ 71: google_logging_project_sink.instance-sink.writer_identity
│
│ Because google_logging_project_sink.instance-sink has "for_each" set, its
│ attributes must be accessed on specific instances.
│
│ For example, to correlate with indices of a referring resource, use:
│ google_logging_project_sink.instance-sink[each.key]
The problem is I can't assign the above because it is using for_each of roles tfvars looks like this
cross_project_logsink_service = ["cloud_function"]
Upvotes: 0
Views: 405
Answers (2)
Naveen Kulkarni
Reputation: 803
You can use the below code
resource "google_project_iam_binding" "log-writer" {
for_each = toset([
"roles/storage.objectCreator",
"roles/logging.bucketWriter"
])
project = var.monitoring_project
role = each.key
members = [
google_logging_project_sink.instance-sink[*].writer_identity
]
}
Upvotes: 0
Related Questions
- How to create two for loops in a terraform resource?
- Terraform create multiple resources using for_each and jsondecode
- Looping in for_each nested resources with terraform
- two for_each in terraform resource module
- Terraform for_each with nested resources
- Terraform to have a for_each and dynamic block in the same resource? Or can I have multiple for_each in a resource statement
- How to iterate multiple resources over the same list?
- Terraform resources created with `for_each` - use in other Terraform scripts
- Terraform multiple for_each resources
- Looping using for or For_each | Terraform 0.12