I have a Lake Formation permissions resource in which I am looping through the users in an IAM group and assigning permissions. As for the database name, this is more than one database. Is it possible to have a second for_each statement within the database object, or will I need to do something else instead?

```hcl
resource "aws_lakeformation_permissions" "admin-lf-permissions" {
  for_each    = { for usr in data.aws_iam_group.admin.users : usr.user_name => usr.arn }
  principal   = each.value
  permissions = ["ALL"]

  database {
    name = data.terraform_remote_state.glue_catalog_database.outputs.map_glue_catalog_db_name
  }
}
```

I have the following inside my locals.tf, which is what I ideally want to loop through. So, for example, admin users will have access to all the databases that are specified within the map admin_dbs.

```hcl
locals {
  # Group name => (label => Glue catalog database name from remote state)
  glue_catalog_dbs = {
    admin_dbs = {
      db-1 = data.terraform_remote_state.glue_catalog_database.outputs.map_glue_catalog_db_name.prod-database
      db-2 = data.terraform_remote_state.glue_catalog_database.outputs.map_glue_catalog_db_name.test-database
      db-3 = data.terraform_remote_state.glue_catalog_database.outputs.map_glue_catalog_db_name.dev-database
    }
    data_engineer_dbs = {
      db-1 = data.terraform_remote_state.glue_catalog_database.outputs.map_glue_catalog_db_name.prod-database
      db-2 = data.terraform_remote_state.glue_catalog_database.outputs.map_glue_catalog_db_name.test-database
      db-3 = data.terraform_remote_state.glue_catalog_database.outputs.map_glue_catalog_db_name.dev-database
    }
  }
}
```

I have looked into using the for loop but am unsure if that is the way forward, or if I can make use of a second for_each loop.
You can't have multiple `for_each` meta-arguments in a Terraform resource block. You should create a single, combined list of all the permissions that need to be created, and pass that to the `for_each` argument.
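
The combined collection described in the answer above, sketched as an added example (not code from the original question or answer). The `admin_users`, `admin_dbs` and `admin_grants` locals, the sample user names, the placeholder account ID and the database names are constructed for illustration; in the question's configuration they would come from `data.aws_iam_group.admin.users` and `local.glue_catalog_dbs.admin_dbs`.

```hcl
locals {
  # Constructed sample input. In the question this is
  # data.aws_iam_group.admin.users (objects with user_name and arn).
  admin_users = [
    { user_name = "alice", arn = "arn:aws:iam::111122223333:user/alice" },
    { user_name = "bob", arn = "arn:aws:iam::111122223333:user/bob" },
  ]

  # Constructed sample input. In the question this is
  # local.glue_catalog_dbs.admin_dbs (label => Glue database name).
  admin_dbs = {
    db-1 = "prod-database"
    db-2 = "test-database"
    db-3 = "dev-database"
  }

  # One object per (user, database) pair. flatten() collapses the
  # nested lists produced by the two for expressions into one list.
  admin_grants = flatten([
    for usr in local.admin_users : [
      for db_key, db_name in local.admin_dbs : {
        key       = "${usr.user_name}/${db_key}"
        principal = usr.arn
        database  = db_name
      }
    ]
  ])
}

resource "aws_lakeformation_permissions" "admin-lf-permissions" {
  # for_each takes a map, so key each grant by a stable, unique
  # "user/db" string. Removing a user from the group or a database
  # from the map then destroys only the grants for that pair.
  for_each = { for g in local.admin_grants : g.key => g }

  principal   = each.value.principal
  permissions = ["ALL"]

  database {
    name = each.value.database
  }
}
```

With two users and three databases this plans six grants, addressed as `aws_lakeformation_permissions.admin-lf-permissions["alice/db-1"]` and so on, which makes it easy to review exactly which principal receives `ALL` on which database before applying.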