I am getting this error messages when i run terragrunt apply.I need to be able to specify each element when creating SQS and DeadLetterQueue with the policy.I am unsure how to fix this issue.I want to find a way to reference individual DLQ directly with corresponding SQS to create the required resources
resource "aws_sqs_queue_policy" "Cloudtrail_SQS_Policy" {
for_each = toset(var.sqs_queue_names)
queue_url = aws_sqs_queue.CloudTrail_SQS[each.key].id
policy = <<POLICY
{
"Version": "2012-10-17",
"Id": "sqspolicy",
"Statement": [
{
"Sid": "AllowSQSInvocation",
"Effect": "Allow",
"Principal": {"AWS":"*"},
"Action": "sqs:*",
"Resource": "${aws_sqs_queue.CloudTrail_SQS[each.key].arn}"
resource "aws_sqs_queue_policy" "CloudTrail_SQS_DLQ"{
for_each = toset(var.dead_queue_names)
queue_url = aws_sqs_queue.CloudTrail_SQS_DLQ[each.key].id
policy = <<POLICY
{
"Version": "2012-10-17",
"Id": "sqspolicy",
"Statement": [
{
"Sid": "DLQ Policy",
"Effect": "Allow",
"Principal": {"AWS":"*"},
"Action": "sqs:*",
"Resource": "${aws_sqs_queue.CloudTrail_SQS_DLQ[each.key].arn}
Error Messages:
Error: Invalid index
│
│ on iam.tf line 3, in resource "aws_sqs_queue_policy" "Cloudtrail_SQS_Policy":
│ 3: queue_url = aws_sqs_queue.CloudTrail_SQS[each.key].id
│ ├────────────────
│ │ aws_sqs_queue.CloudTrail_SQS is object with 2 attributes
│ │ each.key is "CloudTrail_SQS_Management_Event"
│
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
│
│ on iam.tf line 15, in resource "aws_sqs_queue_policy" "Cloudtrail_SQS_Policy":
│ 15: "Resource": "${aws_sqs_queue.CloudTrail_SQS[each.key].arn}",
│ ├────────────────
│ │ aws_sqs_queue.CloudTrail_SQS is object with 2 attributes
│ │ each.key is "CloudTrail_SQS_Data_Event"
│
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
│
│ on iam.tf line 15, in resource "aws_sqs_queue_policy" "Cloudtrail_SQS_Policy":
│ 15: "Resource": "${aws_sqs_queue.CloudTrail_SQS[each.key].arn}",
│ ├────────────────
│ │ aws_sqs_queue.CloudTrail_SQS is object with 2 attributes
│ │ each.key is "CloudTrail_SQS_Management_Event"
│
│ The given key does not identify an element in this collection value.
CodePudding user response:
I refactored your entire code, as any changes will cascade to more errors. In your case, the best way to deal with your requirement is to use map, not list
or set
. You don't have to make your input variables a map if you don't want, though it would be easier. But keeping your input variables as they are, you can create local.sqs_dlq_map
and use that:
locals {
sqs_dlq_map = zipmap(var.sqs_queue_names, var.dead_queue_names)
}
resource "aws_sqs_queue" "CloudTrail_SQS"{
for_each = local.sqs_dlq_map
name = each.key
redrive_policy = jsonencode({
deadLetterTargetArn = aws_sqs_queue.CloudTrail_SQS_DLQ[each.key].arn
maxReceiveCount = 2 #var.max_receive_count
})
#tags = var.default_tags
}
resource "aws_sqs_queue" "CloudTrail_SQS_DLQ"{
for_each = local.sqs_dlq_map
name = each.value
#tags = var.default_tags
}
resource "aws_sqs_queue_policy" "Cloudtrail_SQS_Policy" {
for_each = local.sqs_dlq_map
queue_url = aws_sqs_queue.CloudTrail_SQS[each.key].id
policy = <<POLICY
{
"Version": "2012-10-17",
"Id": "sqspolicy",
"Statement": [
{
"Sid": "AllowSQSInvocation",
"Effect": "Allow",
"Principal": {"AWS":"*"},
"Action": "sqs:*",
"Resource": "${aws_sqs_queue.CloudTrail_SQS[each.key].arn}"
}]
}
POLICY
}
resource "aws_sqs_queue_policy" "CloudTrail_SQS_DLQ"{
for_each = local.sqs_dlq_map
queue_url = aws_sqs_queue.CloudTrail_SQS_DLQ[each.key].id
policy = <<POLICY
{
"Version": "2012-10-17",
"Id": "sqspolicy",
"Statement": [
{
"Sid": "DLQ Policy",
"Effect": "Allow",
"Principal": {"AWS":"*"},
"Action": "sqs:*",
"Resource": "${aws_sqs_queue.CloudTrail_SQS_DLQ[each.key].arn}"
}]
}
POLICY
}