stackoom
  简体   繁体   中英

Using Terraform, how can I pass in a list of users from module to module

 原文  2022-12-10 02:54:36       amazon-web-services/ terraform

Question

I am trying to use Terraform's public modules and I created a lot of IAM users like so:

module "iam_finance_users" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-user"
  version = "5.9.1"

  for_each = var.finance_users
  name          = each.value
  force_destroy = true
  create_iam_access_key = false
  password_reset_required = true
}

My variables.tf file has the following:

variable "finance_users" {
  type = set(string)
  default = ["mary.johnson@domain.com","mike.smith@domain.com"....]
}

Now I am trying to add these users to a group like so

module "iam_group_finance" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-group-with-policies"
  version = "5.9.1"

  name = "finance"
  group_users = ["${module.iam_finance_users.iam_user_name}"]

  attach_iam_self_management_policy = true
  custom_group_policy_arns = [
    "${module.iam_read_write_policy.arn}",
  ]
}

But no matter what I try I still keep getting errors. I have a list of users in a variable and I want to add all those users created in that module to the group module. I know I'm close but I can't quite seem to close this.

3 answers

solution1
 2 ACCPTED  2022-12-10 04:15:01

Since you used for_each in the module, you have to use values to access elements of all instances of the module created:

group_users = values(module.iam_finance_users)[*].iam_user_name

solution2
 1  2022-12-10 08:10:52

It's often helpful to know what the error is. In versions of Terraform v1.0 or newer, the errors become fairly explanatory. The error you were likely getting was something similar to:

│ Error: Unsupported attribute
│ 
│   on main.tf line 14, in output "iam_finance_users":
│   14:   value = module.iam_finance_users.iam_user_name
│     ├────────────────
│     │ module.iam_finance_users is object with 2 attributes
│ 
│ This object does not have an attribute named "iam_user_name".

The solutions, which both work, can be tested using the following example code:

Module 1: modules/iam-user

variable "name" {
  type = string
}

output "iam_user_name" {
  value = "IAM-${var.name}"
}

Module 2: modules/iam-group-with-policies

variable "group_users" {
  type = set(string)
}

output "iam-users" {
  value = var.group_users
}

Root module (your code):

variable "finance_users" {
  type    = set(string)
  default = ["mary.johnson@domain.com", "mike.smith@domain.com"]
}

module "iam_finance_users" {
  source = "../modules/iam-user"

  for_each = var.finance_users
  name     = each.value
}

module "iam_group_finance" {
  source = "../modules/iam-group-with-policies"

  # This works...
  group_users = values(module.iam_finance_users)[*].iam_user_name

  # This also works...
  group_users = [for o in module.iam_finance_users : o.iam_user_name]
}

output "group_users" {
  value = module.iam_group_finance.iam-users
}

You can easily test each module along the way using terraform console .

Eg:

terraform console

> module.iam_finance_users
{
  "mary.johnson@domain.com" = {
    "iam_user_name" = "IAM-mary.johnson@domain.com"
  }
  "mike.smith@domain.com" = {
    "iam_user_name" = "IAM-mike.smith@domain.com"
  }
}

Here you can see why it didn't work. The module doesn't spit out a list in that way, so you have to iterate through the module to get your variable. This is why both the for method as well as the values method works.

Look at how differently a single module is handled:

module "iam_finance_users" {
  source = "../modules/iam-user"

  name = tolist(var.finance_users)[1]
}

terraform console

> module.iam_finance_users
{
  "iam_user_name" = "IAM-mike.smith@domain.com"
}

Notice that when not inside a loop ( foreach ), that the single iam_user_name is accessible.

solution3
 0  2022-12-10 04:28:16

You could try something like below: This is untested, so you might need to tweak a bit. Reference thread: https://discuss.hashicorp.com/t/for-each-objects-to-list/36609/2

module "iam_group_finance" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-group-with-policies"
  version = "5.9.1"
  name = "finance"
  group_users =  [  for o in module.iam_finance_users : o.iam_user_name ]
  attach_iam_self_management_policy = true
  custom_group_policy_arns = [
    module.iam_read_write_policy.arn
  ]
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Terraform - I can not create EC2 instance using SG module Multiple resources in a terraform module - how to refer from main module How can I use a Terraform's modules output as an input to another Terraform module? getting error while using list(string) data type in terraform module Using Terraform Provider in aws module How can I use variables in terraform module when call data/resources? how to print private IP from the module created using terraform-google-modules Importing existing AWS Resources using Terraform Module How do I use the aws-ebs-csi-driver addon when using the aws-eks-terraform module Unable to update name of subnet in AWS using terraform module on terraform cloud
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM