Reading from a collection of modules in Terraform

Question

I'm using the lambda_function module with for_each to create multiple lambdas.

I'm getting this error in a different resource when trying to assemble a policy JSON:

╷
│ Error: Invalid function argument
│ 
│   on main.tf line 83, in resource "aws_secretsmanager_secret_policy" "staging_tables_secret":
│   83:         "AWS": "${join(",", module.lambda_function[*].lambda_role_arn)}"
│     ├────────────────
│     │ module.lambda_function is a map of object, known only after apply
│ 
│ Invalid value for "lists" parameter: element 0: string required.
╵

Process finished with exit code 1

What am I doing wrong, how am I supposed to list the role ARNs generated by the lambda module?

Here is how the module looks by the way, along with the local that gets iterated:

module "lambda_function" {
  for_each = { for index, value in local.application_files : index => value }

  source = "terraform-aws-modules/lambda/aws"

  source_path = "${path.module}/functions/${each.value.directory}"

  function_name = each.value.directory

  runtime = "python3.9"
  handler = "${each.value.handler_file}.lambda_handler"

  environment_variables = {
    secrets_manager_arn = aws_secretsmanager_secret.staging_tables_secret.arn
  }
}

locals {
  application_files = [
    {
      directory    = "hello1"
      handler_file = "hello1"
    },
    {
      directory    = "hello2"
      handler_file = "hello2"
    }
  ]
}

EDIT: here is the link to the external module I'm using: https://registry.terraform.io/modules/terraform-aws-modules/lambda/aws/latest

Answer 1

I figured it out with the help of reading this bit in the docs about the splat expression not working with maps .

Basically the solution was to use [for v in module.lambda_function : v.lambda_role_arn] as the sub-expression instead of module.lambda_function[*].lambda_role_arn .