Error: Invalid for_each argument #2681
Comments
|
+1 seeing this issue as well in 19.9+. Actually seeing the same issue in v.18.30+ however not as bad as 19+. The issue is a single warning about the error in 18.31+ but every loop is failing in 19+. |
This comment was marked as spam.
This comment was marked as spam.
Unfortunately we cannot because its an incomplete reproduction. However, you can look at our internal code to see how we are successfully iterating over the nodegroup without issue terraform-aws-eks/node_groups.tf Line 270 in 0a17f65 Closing until a proper reproduction can be supplied |
|
@bryantbiggs think of the following: resource "random_string" "suffix" {
length = 8
special = false
}
module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "19.15.3"
cluster_name = "name-${random_string.suffix.result}"
cluster_version = "1.27"
vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.private_subnets
eks_managed_node_groups = {
default = {
name = "worker-1"
instance_types = ["r6a.large"]
min_size = 1
max_size = 3
desired_size = 2
}
}
tags = {
cluster = "name-${random_string.suffix.result}" # this causes the error at least for me
}
}Error: │ Error: Invalid for_each argument
│
│ on .terraform/modules/eks/main.tf line 97, in resource "aws_ec2_tag" "cluster_primary_security_group":
│ 97: for_each = { for k, v in merge(var.tags, var.cluster_tags) :
│ 98: k => v if local.create && k != "Name" && var.create_cluster_primary_security_group_tags && v != null
│ 99: }
│ ├────────────────
│ │ local.create is true
│ │ var.cluster_tags is empty map of string
│ │ var.create_cluster_primary_security_group_tags is true
│ │ var.tags is map of string with 3 elements
│
│ The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify
│ the instances of this resource.
│
│ When working with unknown values in for_each, it's better to define the map keys statically in your configuration and place apply-time results only in the map values.
│
│ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a second time to fully converge.
╵
╷
│ Error: Invalid for_each argument
│
│ on .terraform/modules/eks/modules/eks-managed-node-group/main.tf line 434, in resource "aws_iam_role_policy_attachment" "this":
│ 434: for_each = { for k, v in toset(compact([
│ 435: "${local.iam_role_policy_prefix}/AmazonEKSWorkerNodePolicy",
│ 436: "${local.iam_role_policy_prefix}/AmazonEC2ContainerRegistryReadOnly",
│ 437: var.iam_role_attach_cni_policy ? local.cni_policy : "",
│ 438: ])) : k => v if var.create && var.create_iam_role }
│ ├────────────────
│ │ local.cni_policy is a string, known only after apply
│ │ local.iam_role_policy_prefix is a string, known only after apply
│ │ var.create is true
│ │ var.create_iam_role is true
│ │ var.iam_role_attach_cni_policy is true
│
│ The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify
│ the instances of this resource.
│
│ When working with unknown values in for_each, it's better to define the map keys statically in your configuration and place apply-time results only in the map values.
│
│ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a second time to fully converge.
╵ |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Description
Couurnt v.19.15.3 Users may encounter an error such as Error: Invalid for_each argument - The "for_each" value depends on resource attributes that cannot be determined until applied, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument first to apply - also seen in v 18.8.0. This behavior is not seen in the v18.31.2
current: 19.15.3
Terraform v1.4.5
Reproduction Code [Required]
module "node_group" {
source = "terraform-aws-modules/eks/aws//modules/eks-managed-node-group"
version = "19.15.3"
#version = "18.31.2" ###https://github.com/terraform-aws-modules/terraform-aws-eks/issues/2337on - to avoid this issue roll back to version <--
for_each = var.node_groups
create = each.value.create
name = "${each.value.name}-${var.owner}"
create_iam_role = false
iam_role_arn = aws_iam_role.eks_nodes.arn
cluster_name = module.eks.cluster_name
cluster_primary_security_group_id = module.eks.cluster_primary_security_group_id
subnet_ids = each.value.subnet_ids
launch tempate version for node group. valid values: any version number. leave blank "" for latest
launch_template_version = ""
min_size = each.value.min_size
max_size = each.value.max_size
desired_size = each.value.des_size
disable_api_termination = false
instance_types = each.value.instance_types
key_name = module.tls_keys_node_groups.key_name
Type of capacity associated with the EKS Node Group. Valid values: ON_DEMAND, SPOT
vpc_security_group_ids = [module.eks.node_security_group_id]
capacity_type = each.value.capacity_type
ebs_optimized = true
block_device_mappings = {
xvda = {
device_name = "/dev/xvda"
ebs = {
volume_size = 80
volume_type = "gp3"
iops = 3000
throughput = 150
encrypted = true
kms_key_id = module.kms_key_ebs.key_arn
delete_on_termination = true
}
}
}
metadata_options = {
http_endpoint = "enabled"
http_put_response_hop_limit = "2"
instance_metadata_tags = "disabled"
}
network_interfaces = [
{
device_index = "0"
ipv4_address_count = "0"
ipv6_address_count = "0"
network_card_index = "0"
security_groups = [module.eks.cluster_primary_security_group_id, module.security_group.security_group_id]
}
]
labels = {
type = "private"
workload_type = each.value.workload_type
namespace_env = each.value.namespace_env
}
#create_cni_ipv6_iam_policy = false
timeouts = {
create = "15m"
# update =
# delete =
}
tags = local.tags
}
Steps to reproduce the behavior:
just run terraform apply
The text was updated successfully, but these errors were encountered: