Multiple for_each loops in a single terraform resource
Question
I have a Lake Formation permissions resource in which I am looping through users in an IAM group and assigning permissions. As for the database name, this is more than 1 database. Is it possible to have a second `for_each` statement within the database object, or will I need to do something else instead?

```hcl
resource "aws_lakeformation_permissions" "admin-lf-permissions" {
  # One instance per user in the admin IAM group, keyed by user name
  for_each    = { for usr in data.aws_iam_group.admin.users : usr.user_name => usr.arn }
  principal   = each.value
  permissions = ["ALL"]

  database {
    # This output is a map of several database names, not a single name
    name = data.terraform_remote_state.glue_catalog_database.outputs.map_glue_catalog_db_name
  }
}
```

I have the following inside my locals.tf, which is what I want to ideally loop through. So for example, admin users will have access to all the databases that are specified within the map admin_dbs.

```hcl
locals {
  glue_catalog_dbs = {
    admin_dbs = {
      db-1 = data.terraform_remote_state.glue_catalog_database.outputs.map_glue_catalog_db_name.prod-database
      db-2 = data.terraform_remote_state.glue_catalog_database.outputs.map_glue_catalog_db_name.test-database
      db-3 = data.terraform_remote_state.glue_catalog_database.outputs.map_glue_catalog_db_name.dev-database
    },
    data_engineer_dbs = {
      db-1 = data.terraform_remote_state.glue_catalog_database.outputs.map_glue_catalog_db_name.prod-database
      db-2 = data.terraform_remote_state.glue_catalog_database.outputs.map_glue_catalog_db_name.test-database
      db-3 = data.terraform_remote_state.glue_catalog_database.outputs.map_glue_catalog_db_name.dev-database
    }
  }
}
```

I have looked through using the for loop but am unsure if that is the way forward or if I can make use of a second for_each loop.
Answer 1
Score: 2
You can't have multiple `for_each` meta arguments in a Terraform resource block. You should create a single, combined list of all the permissions that need to be created, and pass that to the `for_each` argument.
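
One way to build the combined collection this answer describes, as an added example that is not code from the original post. The local `admin_grants` and its `key`, `principal_arn` and `database_name` fields are hypothetical names, and `local.glue_catalog_dbs` is assumed to be the map from the question's locals.tf.

```hcl
locals {
  # Hypothetical local: one object per (admin user, admin database) pair.
  # The nested for expressions yield a list of lists, which flatten()
  # collapses into a single flat list of grant objects.
  admin_grants = flatten([
    for usr in data.aws_iam_group.admin.users : [
      for db_key, db_name in local.glue_catalog_dbs.admin_dbs : {
        # Unique per user and database; used only as the instance key
        key           = "${usr.user_name}/${db_key}"
        principal_arn = usr.arn
        database_name = db_name
      }
    ]
  ])
}

resource "aws_lakeformation_permissions" "admin-lf-permissions" {
  # for_each needs a map (or set of strings), so the flat list is turned
  # into a map keyed by the unique "user/db" string built above.
  for_each = { for grant in local.admin_grants : grant.key => grant }

  principal   = each.value.principal_arn
  permissions = ["ALL"]

  database {
    # Exactly one database per resource instance
    name = each.value.database_name
  }
}
```

Each instance is now addressed by its `user/db` key instead of the user name alone, so instances already in state under the old keys are planned for replacement unless they are moved first (for example with `terraform state mv`).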