Search code examples
azureterraformazure-app-service-plans

how to using for_each double in terraform?

everyone.
While using for_each in terraform, duplication is coming out. In this case, how should I bypass it?

The problematic points are 1), and 2). data values must be obtained from each resource through for_each.

// custom hostname binding
resource "azurerm_app_service_custom_hostname_binding" "service_host_bind" {
     
  for_each                     =  azurerm_dns_cname_record.cname_target
      
  hostname                  = trim(each.value.fqdn, ".")
      
  app_service_name     = azurerm_app_service._service.name
      
  resource_group_name = azurerm_resource_group._rg.name
      
  depends_on          = [azurerm_dns_txt_record._txt_target]

  lifecycle {
        ignore_changes = [ssl_state, thumbprint]
      }    }

// app service managed certificate
resource "azurerm_app_service_managed_certificate" "_service_manage_cert" {
      
      for_each                    = azurerm_app_service_custom_hostname_binding._service_host_bind
      
      custom_hostname_binding_id  = each.value.id     
    }

// app service certificate binding
resource "azurerm_app_service_certificate_binding" "xtrm_service_certi_bind" {
      
      1) hostname_binding_id = azurerm_app_service_custom_hostname_binding._service_host_bind.id
      // ## how to for_each??
      2) certificate_id               = azurerm_app_service_managed_certificate._service_manage_cert.id
        // ## how to for_each??
      ssl_state           = "SniEnabled"       
    }

Currently, we have prepared several domains for redirect, and we tried to grant certificates for each.

For example, when there is an endpoint domain (www.azure.com), domains for redirect: auz-ure.com, auz-ure.com, az-ops.shop, etc.

(azure-redirect.net -> www.azure.com

auz-ure.com -> www.azure.com

az-ops.shop -> www.azure.com)

For the terraform code, I referred to the document.

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_managed_certificate

Solution

  • As you're using the same indexes for your app service managed certificates as your custom hostname bindings, you can just iterate over the custom hostname bindings again:

    resource "azurerm_app_service_certificate_binding" "xtrm_service_certi_bind" {
      
    for_each            = azurerm_app_service_custom_hostname_binding.service_host_bind
    hostname_binding_id = azurerm_app_service_custom_hostname_binding.service_host_bind[each.key].id     
    certificate_id      = azurerm_app_service_managed_certificate._service_manage_cert[each.key].id      
    ssl_state           = "SniEnabled"
}