Terraform AWS: “aws_networkfirewall_firewall” 资源的问题。属性值类型不正确。

huangapple
go评论75阅读模式
英文:

Terraform AWS: Question on resource "aws_networkfirewall_firewall". Incorrect attribute value type

问题

以下是您要翻译的内容:

"The output of firewall_subnet_ids is:"

firewall_subnet_ids = [
  tolist([
    "subnet-0579947678d######",
    "subnet-091417fd3a5######",
    "subnet-0165710e220######",
    "subnet-00afaa21ad6######",
    "subnet-0712cac718c######",
    "subnet-0d361a8d737######",
  ]),
]

"At line 29, subnet_id = subnet_mapping.value"

"it complains Inappropriate value for attribute "subnet_id": string required."

"I use for_each loop through the firewall subnet IDs. Do not understand why it compains "Incorrect attribute value type""

以下是代码部分:

terraform {
  # The configuration for this backend will be filled in by Terragrunt
  backend "s3" {}
}

locals {

  tags = {
    Branch        = var.cluster_name
    ProvisionedBy = "Terraform"
    Environment   = var.environment
  }

  networkfirewall_endpoints = { for i in aws_networkfirewall_firewall.anfw.firewall_status[0].sync_states : i.availability_zone => i.attachment[0].endpoint_id }
}

resource "aws_networkfirewall_firewall" "anfw" {
  name                              = "anfw-${var.cluster_name}"
  firewall_policy_arn               = aws_networkfirewall_firewall_policy.anfw_policy.arn
  firewall_policy_change_protection = false
  subnet_change_protection          = false

  vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id
  dynamic "subnet_mapping" {
    for_each = data.terraform_remote_state.vpc.outputs.firewall_subnet_ids

    content {
      subnet_id = subnet_mapping.value
    }
  }

  tags = local.tags
}

output "vpc_id" {
  value    = data.terraform_remote_state.vpc.outputs.vpc_id
}

output "firewall_subnet_ids" {
  value    = data.terraform_remote_state.vpc.outputs.firewall_subnet_ids
}

以下是错误部分:

Error: Incorrect attribute value type

on main.tf line 29, in resource "aws_networkfirewall_firewall" "anfw":
29:       subnet_id = subnet_mapping.value

Inappropriate value for attribute "subnet_id": string required.
英文:

The output of firewall_subnet_ids is:

firewall_subnet_ids = [
  tolist([
    "subnet-0579947678d######",
    "subnet-091417fd3a5######",
    "subnet-0165710e220######",
    "subnet-00afaa21ad6######",
    "subnet-0712cac718c######",
    "subnet-0d361a8d737######",
  ]),
]

At line 29, subnet_id = subnet_mapping.value

it complains Inappropriate value for attribute "subnet_id": string required.
I use for_each loop through the firewall subnet IDs. Do not understand why it compains "Incorrect attribute value type"

As follows is the code:

terraform {
  # The configuration for this backend will be filled in by Terragrunt
  backend "s3" {}
}

locals {

  tags = {
    Branch        = var.cluster_name
    ProvisionedBy = "Terraform"
    Environment   = var.environment
  }

  networkfirewall_endpoints = { for i in aws_networkfirewall_firewall.anfw.firewall_status[0].sync_states : i.availability_zone => i.attachment[0].endpoint_id }
}

resource "aws_networkfirewall_firewall" "anfw" {
  name                              = "anfw-${var.cluster_name}"
  firewall_policy_arn               = aws_networkfirewall_firewall_policy.anfw_policy.arn
  firewall_policy_change_protection = false
  subnet_change_protection          = false

  vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id
  dynamic "subnet_mapping" {
    #for_each = toset(data.terraform_remote_state.vpc.outputs.firewall_subnet_ids)
    for_each = data.terraform_remote_state.vpc.outputs.firewall_subnet_ids

    content {
      subnet_id = subnet_mapping.value
    }
  }

  tags = local.tags
}

output "vpc_id" {
  value    = data.terraform_remote_state.vpc.outputs.vpc_id
}

output "firewall_subnet_ids" {
  value    = data.terraform_remote_state.vpc.outputs.firewall_subnet_ids
}

As follows are the errors:

╷
│ Error: Incorrect attribute value type
│
│   on main.tf line 29, in resource "aws_networkfirewall_firewall" "anfw":
│   29:       subnet_id = subnet_mapping.value
│
│ Inappropriate value for attribute "subnet_id": string required.

答案1

得分: 1

这个问题是因为将一个 list(list(string)) 类型的变量用作 for_each 参数值导致 lambda 作用域迭代变量 subnet_mapping.value 的类型为 list(string),而 subnet_id 需要的是 string 类型。您可以通过以下两种方式来修复远程状态中的数据:

防火墙子网 ID = tolist([
"subnet-0579947678d######",
"subnet-091417fd3a5######",
"subnet-0165710e220######",
"subnet-00afaa21ad6######",
"subnet-0712cac718c######",
"subnet-0d361a8d737######",
]),

或者在 dynamic 块内部通过访问单一元素列表的第零个元素来转换类型:

for_each = data.terraform_remote_state.vpc.outputs.firewall_subnet_ids[0]

英文:

This issue occurs because a list(list(string)) type variable used as the parameter value to for_each results in the lambda scope iterator variable subnet_mapping.value being of type list(string), and instead a string type is required for subnet_id. You can either fix the data in the remote state:

firewall_subnet_ids = tolist([
  "subnet-0579947678d######",
  "subnet-091417fd3a5######",
  "subnet-0165710e220######",
  "subnet-00afaa21ad6######",
  "subnet-0712cac718c######",
  "subnet-0d361a8d737######",
]),

or convert the type within the dynamic block by accessing the zeroth element of the single element list:

for_each = data.terraform_remote_state.vpc.outputs.firewall_subnet_ids[0]

huangapple
  • 本文由 发表于 2023年6月8日 06:53:22
  • 转载请务必保留本文链接:https://go.coder-hub.com/76427561.html
  • amazon-web-services
  • terraform
  • terraform-provider-aws
  • terraform0.12+
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定