【问题标题】:how to identify an element in a collection value如何识别集合值中的元素
【发布时间】:2021-12-05 23:24:20
【问题描述】:

我在运行 terragrunt apply 时收到此错误消息。我需要能够在使用策略创建 SQS 和 DeadLetterQueue 时指定每个元素。我不确定如何解决此问题。我想找到一种方法来参考单独的DLQ直接与对应的SQS创建所需的资源

resource "aws_sqs_queue_policy" "Cloudtrail_SQS_Policy" {
  for_each  = toset(var.sqs_queue_names)
  queue_url = aws_sqs_queue.CloudTrail_SQS[each.key].id

  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Id": "sqspolicy",
  "Statement": [
    {
      "Sid": "AllowSQSInvocation",
      "Effect": "Allow",
      "Principal": {"AWS":"*"},
      "Action": "sqs:*",
      "Resource": "${aws_sqs_queue.CloudTrail_SQS[each.key].arn}"

resource "aws_sqs_queue_policy" "CloudTrail_SQS_DLQ"{
    for_each  = toset(var.dead_queue_names)
    queue_url = aws_sqs_queue.CloudTrail_SQS_DLQ[each.key].id

    policy = <<POLICY
{
  "Version": "2012-10-17",
  "Id": "sqspolicy",
  "Statement": [
    {
      "Sid": "DLQ Policy",
      "Effect": "Allow",
      "Principal": {"AWS":"*"},
      "Action": "sqs:*",
      "Resource": "${aws_sqs_queue.CloudTrail_SQS_DLQ[each.key].arn}
Error Messages:

Error: Invalid index
│ 
│   on iam.tf line 3, in resource "aws_sqs_queue_policy" "Cloudtrail_SQS_Policy":
│    3:   queue_url = aws_sqs_queue.CloudTrail_SQS[each.key].id
│     ├────────────────
│     │ aws_sqs_queue.CloudTrail_SQS is object with 2 attributes
│     │ each.key is "CloudTrail_SQS_Management_Event"
│ 
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
│ 
│   on iam.tf line 15, in resource "aws_sqs_queue_policy" "Cloudtrail_SQS_Policy":
│   15:       "Resource": "${aws_sqs_queue.CloudTrail_SQS[each.key].arn}",
│     ├────────────────
│     │ aws_sqs_queue.CloudTrail_SQS is object with 2 attributes
│     │ each.key is "CloudTrail_SQS_Data_Event"
│ 
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
│ 
│   on iam.tf line 15, in resource "aws_sqs_queue_policy" "Cloudtrail_SQS_Policy":
│   15:       "Resource": "${aws_sqs_queue.CloudTrail_SQS[each.key].arn}",
│     ├────────────────
│     │ aws_sqs_queue.CloudTrail_SQS is object with 2 attributes
│     │ each.key is "CloudTrail_SQS_Management_Event"
│ 
│ The given key does not identify an element in this collection value.

【问题讨论】:

    标签: amazon-web-services terraform terraform-provider-aws


    【解决方案1】:

    我重构了您的整个代码,因为任何更改都会引发更多错误。在您的情况下,处理您的要求的最佳方式是使用 ma​​p,而不是 listset。如果您不想要,您不必将输入变量设置为映射,尽管这样会更容易。但是保持输入变量不变,您可以创建 local.sqs_dlq_map 并使用它:

    
    locals {
      sqs_dlq_map = zipmap(var.sqs_queue_names, var.dead_queue_names)
    }
    
    
    resource "aws_sqs_queue" "CloudTrail_SQS"{
    
        for_each                   = local.sqs_dlq_map
        name                       = each.key
        redrive_policy = jsonencode({
            deadLetterTargetArn    = aws_sqs_queue.CloudTrail_SQS_DLQ[each.key].arn
            maxReceiveCount        = 2 #var.max_receive_count
        })
    
        #tags = var.default_tags
        
    }
    
    resource "aws_sqs_queue" "CloudTrail_SQS_DLQ"{
    
        for_each                   = local.sqs_dlq_map
        name                       = each.value
       
    
        #tags = var.default_tags
    }
    
    
    resource "aws_sqs_queue_policy" "Cloudtrail_SQS_Policy" {
      for_each  = local.sqs_dlq_map
      queue_url = aws_sqs_queue.CloudTrail_SQS[each.key].id
    
      policy = <<POLICY
    {
      "Version": "2012-10-17",
      "Id": "sqspolicy",
      "Statement": [
        {
          "Sid": "AllowSQSInvocation",
          "Effect": "Allow",
          "Principal": {"AWS":"*"},
          "Action": "sqs:*",
          "Resource": "${aws_sqs_queue.CloudTrail_SQS[each.key].arn}"
        }]
    }
    POLICY
    }
    
    resource "aws_sqs_queue_policy" "CloudTrail_SQS_DLQ"{
        for_each  = local.sqs_dlq_map
        queue_url = aws_sqs_queue.CloudTrail_SQS_DLQ[each.key].id
    
        policy = <<POLICY
    {
      "Version": "2012-10-17",
      "Id": "sqspolicy",
      "Statement": [
        {
          "Sid": "DLQ Policy",
          "Effect": "Allow",
          "Principal": {"AWS":"*"},
          "Action": "sqs:*",
          "Resource": "${aws_sqs_queue.CloudTrail_SQS_DLQ[each.key].arn}"
        }]
    }
    POLICY
    }
    
    

    【讨论】:

    • ,非常感谢您的回复。我不介意重构整个代码,如果它能让我到达我想去的地方。此行是否会将每个 SQS 关联到相应的 Deadqueue------- redrive_policy = jsonencode({ deadLetterTargetArn = aws_sqs_queue.CloudTrail_SQS_DLQ[each.key].arn
    • @bibi 我添加了DLQ然后回答
    • 非常感谢您抽出宝贵的时间。我明天给你反馈
    • 效果很好
    • 非常感谢@Marcin
    猜你喜欢
    • 2022-01-23
    • 2011-06-26
    • 2011-12-12
    • 2018-03-30
    • 2022-01-23
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2021-05-15
    相关资源
    最近更新 更多