I have a terraform code like below.

locals {
 org_sub_accounts = [
   "111111111111",
   "222222222222,
   "333333333333",
 ]

 role_arns = [
   "arn:aws:iam::111111111111:role/DataConnector1",
   "arn:aws:iam::222222222222:role/DataConnector2",
   "arn:aws:iam::333333333333:role/DataConnector3",
 ]
}


resource "aws_cloudformation_stack_set_instance" "stack" {
  count               = length(local.org_sub_accounts)
  account_id          = local.org_sub_accounts[count.index]
  region              = "ap-east-1"
  parameter_overrides = {
RoleName = local.role_arns[count.index]
  }
  stack_set_name      = aws_cloudformation_stack_set.stackset.name
}

My problem is my RoleName should be DataConnector potion (after /) but not the entire ARN in the aws_cloudformation_stack_set_instance. How can I pass the RoleName DataConnector* within each index?

Note, here I defined the variables in the locals to show my use case. But actually those comes from other resource outputs.

CodePudding user response：

This can be achieved by using the split built-in function:

locals {
  role_names = [for arn in local.role_arns : split("/", arn)[1]]
}

With this part split("/", arn)[1] you are splitting the IAM role ARN into two parts (before and after the /) and with the index [1] you are effectively getting the second part of that list. Then, you would have to change the code to reflect that with:

resource "aws_cloudformation_stack_set_instance" "stack" {
  count               = length(local.org_sub_accounts)
  account_id          = local.org_sub_accounts[count.index]
  region              = "ap-east-1"
  parameter_overrides = {
    RoleName  = local.role_names[count.index]
  }
  stack_set_name      = aws_cloudformation_stack_set.stackset.name
    }

[1] https://developer.hashicorp.com/terraform/language/functions/split